Security Model

• Client-side (SDK): Use Project ID + entitlement (Steam recommended).
• Server-side (API Keys): Keep keys backend-only.
• Abuse Controls: Built-in rate limiting + entitlement checks.