## 10. Security & Compliance

1. HMAC secret_key must only be stored in secure server-side storage and must not be passed to front-end or mobile clients.
2. Callers should use globally unique request_id to ensure business idempotency.
3. Default rate limit is 600 requests per minute per API Key. Please contact technical support if higher quota is needed.


### 10.1 Support Channels

- Technical support email: **dev@infini.money**