← VideoOS home · Docs

← Docs · Security

Security & your API key

Problem

You want to use MaxAI securely.

Solution

Treat your API key like a password: send it only over HTTPS in the X-API-Key header, never commit it to public repos, and rotate it if exposed. MaxAI publishes a security contact at /.well-known/security.txt. Payments use signed, idempotent confirmations; no card data is stored on MaxAI.

Examples

Always call the API over https://

Rotate a leaked key immediately

FAQ

Where do I report a vulnerability?

See https://maxai.fyi/.well-known/security.txt

Is my card stored?

MaxAI uses crypto/processor checkouts; no card data is stored here.

API references

/.well-known/security.txt