> ## Documentation Index
> Fetch the complete documentation index at: https://docs.meum.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Api Key Security

> Meum security guidance for api key security.

Store API keys like passwords.

* Never commit keys to source control
* Use environment variables or secret managers
* Rotate keys if compromised via Merchant Admin
* Use Woo bootstrap keys only for connect; runtime uses dedicated keys
* Bootstrap keys cannot create invoices (returns HTTP 403)

## Related pages

* [API key security](/security/api-key-security)
* [Webhook security](/security/webhook-security)