Security
User sessions are issued as signed HttpOnly cookies after backend verification.
API keys are shown once, stored hashed, revocable, and rate-limited.
Stripe events are signature-verified and stored idempotently before credits are granted.
User sessions are issued as signed HttpOnly cookies after backend verification.
API keys are shown once, stored hashed, revocable, and rate-limited.
Stripe events are signature-verified and stored idempotently before credits are granted.
Account access
Use Google for a fast sign-in or send yourself a magic link to your work email.