# Important Notes

## Signer Registration

* **One-time setup**: Register the signer once per account
* **Store securely**: Keep the `signingKey` private and secure - it authorizes all transactions
* **Expiration**: Signers expire after the expiration time (typically 7 days)
* **Re-registration**: You may need to re-register if the signer expires

## Permit Params

* **Required for all authenticated calls**: Every API call that modifies state needs permit params
* **Bitmap-based nonces**: Replay protection uses `nonceAnchor` (uint48 epoch) and `nonceBitmap` (uint8 bit index), allowing up to 256 concurrent valid nonces per epoch
* **Deadline**: Typically set to 7 days from now
* **Signature**: Must sign the `VerifyWitness` EIP-712 typed data with the signer's private key
* **Permissions**: Signers can have granular permissions (All, Perps, Spot, MoveFund)
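
The bitmap nonce scheme above, modeled locally as an added example (not RISEx code). It assumes each `nonceAnchor` owns a 256-bit bitmap in which `nonceBitmap` selects one bit and a set bit marks the nonce as used; the class and method names are hypothetical.

```javascript
// Added illustration, not RISEx code. Assumption: each nonceAnchor owns a
// 256-bit bitmap, nonceBitmap selects one bit, and a set bit means "used".
const UINT48_MAX = 2n ** 48n - 1n;

class NonceBitmapTracker {
  constructor() {
    this.bitmaps = new Map(); // nonceAnchor (decimal string) -> BigInt bitmap
  }

  // Reject values that would not fit the uint48 / uint8 fields.
  static check(nonceAnchor, bitIndex) {
    const anchor = BigInt(nonceAnchor);
    if (anchor < 0n || anchor > UINT48_MAX) {
      throw new RangeError("nonceAnchor must fit in uint48");
    }
    if (!Number.isInteger(bitIndex) || bitIndex < 0 || bitIndex > 255) {
      throw new RangeError("nonceBitmap must be an integer in 0..255");
    }
    return anchor.toString();
  }

  // Mark (anchor, bit) as spent. Returns false when the pair was already
  // spent, which is the replay case.
  consume(nonceAnchor, bitIndex) {
    const key = NonceBitmapTracker.check(nonceAnchor, bitIndex);
    const bitmap = this.bitmaps.get(key) ?? 0n;
    const mask = 1n << BigInt(bitIndex);
    if ((bitmap & mask) !== 0n) return false;
    this.bitmaps.set(key, bitmap | mask);
    return true;
  }

  // Lowest unused bit index for an anchor, or null once all 256 are spent.
  nextFree(nonceAnchor) {
    const key = NonceBitmapTracker.check(nonceAnchor, 0);
    const bitmap = this.bitmaps.get(key) ?? 0n;
    for (let i = 0; i < 256; i++) {
      if ((bitmap & (1n << BigInt(i))) === 0n) return i;
    }
    return null;
  }
}

// Constructed sample values: bits may be spent in any order within an anchor.
const tracker = new NonceBitmapTracker();
console.log(tracker.consume(1700000000, 7)); // first use of bit 7
console.log(tracker.consume(1700000000, 7)); // same pair again: replay
```

Because each bit is independent, requests signed with different bit indexes under the same anchor do not need to arrive in order, while reusing a pair is rejected.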

## General

* All amounts should be in wei format (18 decimals) for blockchain transactions
* Timestamps should be Unix timestamps (seconds)
* Signature generation follows the EIP-712 standard
* Deadline should be set appropriately (typically 7 days from now)

## Security Best Practices

* Never expose your `signingKey` in client-side code or public repositories
* Store signing keys securely (use environment variables or secure storage)
* Rotate signing keys periodically
* Monitor for unauthorized transactions
