# Security

> Security architecture and features of the Gx402 SDK.

# Security Architecture

The Gx402 SDK is built with a robust security architecture designed to protect user assets, transactions, and data integrity across all layers of the system.

## Wallet Security

* **Embedded Wallets with MPC**: Embedded wallets utilize Multi-Party Computation (MPC) for key management, enhancing security by distributing trust.
* **Private Keys Never Exposed**: Private keys are never exposed to the game client, minimizing the risk of compromise.
* **Secure Enclave Storage**: On mobile devices, private keys are stored in secure enclaves, providing hardware-level protection.
* **Optional Hardware Wallet Support**: For advanced users, the SDK offers optional support for hardware wallets like Ledger and Trezor.

## Transaction Security

* **EIP-712 Structured Data Signing**: Transactions leverage EIP-712 structured data signing for clear, human-readable transaction details, enhancing transparency and preventing phishing attacks.
* **Nonce-based Replay Attack Prevention**: Each transaction includes a unique nonce to prevent replay attacks.
* **Time-bound Transaction Validity Windows**: Transactions are valid only within specified time windows, reducing the risk of stale or manipulated transactions.
* **Domain-Specific Signatures**: Signatures are domain-specific, further mitigating phishing risks.

## Smart Contract Security

* **Audited Payment Contracts**: All payment-related smart contracts are audited by reputable firms (e.g., OpenZeppelin standards) to ensure their security and reliability.
* **Upgradeable Proxy Patterns**: Smart contracts utilize upgradeable proxy patterns, allowing for bug fixes and feature enhancements without requiring a complete redeployment.
* **Multi-sig Admin Controls**: Critical functions and administrative actions are protected by multi-signature controls, requiring approval from multiple authorized parties.
* **Emergency Pause Functionality**: An emergency pause functionality is implemented to halt contract operations in case of a severe security incident.

## API Security

* **API Key Authentication**: All API requests are secured with API key authentication for developers.
* **Rate Limiting**: API endpoints are protected by rate limiting (per-key and per-IP) to prevent abuse and denial-of-service attacks.
* **HMAC Signature Verification for Webhooks**: Webhook payloads are secured with HMAC signature verification, allowing your application to verify the authenticity and integrity of incoming events.
* **TLS 1.3 Encryption**: All communications with the Gx402 API are encrypted using TLS 1.3, ensuring data confidentiality and integrity in transit.
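
The following is an added example, not Gx402's own code, of the receiving-side check for the webhook HMAC verification listed above. The page does not specify the signing scheme, so this assumes HMAC-SHA256 over the raw request body with a hex-encoded signature; the secret, event payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import json


def sign_body(secret: bytes, raw_body: bytes) -> str:
    """Sender side; included only so the constructed sample can be signed."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, signature_hex) -> bool:
    """Return True only if signature_hex is a valid HMAC-SHA256 of raw_body.

    Assumed scheme (not from the Gx402 docs): hex signature over the exact
    bytes received on the wire.
    """
    if not secret or not isinstance(signature_hex, str):
        return False  # missing header or unconfigured secret: fail closed
    try:
        received = bytes.fromhex(signature_hex.strip())
    except ValueError:
        return False  # not valid hex
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, received)


def handle_event(secret: bytes, raw_body: bytes, signature_hex):
    """Parse the JSON only after the signature over the raw bytes checks out."""
    if not verify_webhook(secret, raw_body, signature_hex):
        return None
    return json.loads(raw_body)


# Constructed sample values, not real Gx402 data.
SECRET = b"constructed-test-secret"
RAW = b'{"event":"payment.settled","amount":"1.50",  "id":"evt_1"}'
SIG = sign_body(SECRET, RAW)

# Pitfall: parsing and re-serializing the body changes its bytes, so a
# signature checked against the re-serialized form no longer matches.
RESERIALIZED = json.dumps(json.loads(RAW)).encode()
```

Verify against the bytes exactly as received, before any JSON middleware rewrites them, and treat a `None` result from `handle_event` as an unauthenticated request.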
