# 11. Security Considerations (Implementation Checklist)

* [ ] Key management for venue adapter credentials (KMS/HSM recommended).
* [ ] Deposit confirmation thresholds per network (use confirmations from `available-currencies` metadata).
* [ ] Strict address validation (`regexAddress` and memo requirements where applicable).
* [ ] Idempotency for create-order requests to prevent duplicates.
* [ ] Retry classification (retryable vs terminal) to avoid double-execution.
* [ ] Rate limiting and abuse controls per partner key.
* [ ] Audit-grade logging with sensitive data minimization/redaction.