Security & Privacy
Operational posture
X-40™ is designed for production governance and auditability with privacy-first integration options.
API keys
Clients authenticate using X-Api-Key. Keys must be treated like passwords and stored in server-side secrets managers (never in front-end code).
Trace modes
- none: minimal output fields
- summary: minimal audit + text
- full: includes token trace when available