# Important Notes (/docs/risex/api/important-notes)

# Important Notes

## Signer Registration

* **One-time setup**: Register signer once per account
* **Store securely**: Keep the `signingKey` private and secure - it authorizes all transactions
* **Expiration**: Signers expire after the expiration time (typically 7 days)
* **Re-registration**: You may need to re-register if the signer expires

## Permit Params

* **Required for all authenticated calls**: Every API call that modifies state needs permit params
* **Unique nonce**: Each permit param must have a unique nonce (use `createClientNonce`)
* **Deadline**: Typically set to 7 days from now
* **Signature**: Must sign the encoded contract data hash with the signer's private key

## General

* All amounts should be in wei format (18 decimals) for blockchain transactions
* Timestamps should be Unix timestamps (seconds)
* Signature generation follows EIP-712 standard
* Nonce should be unique for each request
* Deadline should be set appropriately (typically 7 days from now)

## Security Best Practices

* Never expose your `signingKey` in client-side code or public repositories
* Store signing keys securely (use environment variables or secure storage)
* Rotate signing keys periodically
* Monitor for unauthorized transactions