Security

Built-in primitives

  • JWT guard
  • API key manager
  • CORS profiles
  • CSRF protector
  • Secrets manager
  • Audit logger

Best practices

  • Rotate secrets and keys
  • Use strict CORS in production
  • Enforce authz checks for sensitive routes
  • Log security events with correlation IDs