> For the complete documentation index, see [llms.txt](https://docs.lambahq.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.lambahq.com/getting-started/recommended-security-considerations.md).

# Recommended Security Considerations

## Super Restricting Your API Keys

{% hint style="danger" %}
**Very important tip:** Restricting your API keys only works for static IP addresses. If your hosting provider generates new IPs for each deployment of your service, then consider not setting API key restrictions **(or proceed with caution)**.
{% endhint %}

As individuals, it's crucial to exercise extreme caution; therefore, we highly advise limiting the usage of your keys based on specific IP addresses. To do this, go to the settings area of your application and find the **Security: API Key Access** section, as indicated below. Here, you can enter the IP addresses where you intend to use your API keys. By default, this field is either empty or unset. 

Additionally, you have the option to completely stop the use of your API key by deactivating it, as demonstrated in the image below. However, it's important to realize that this action will fully disable your API key, causing your app to stop functioning until you reactivate the key. This feature serves as a temporary measure to disable your keys when you don't need them currently, rather than a comprehensive solution to prevent unauthorized use, as it also impacts your access when disabled.

<figure><img src="/files/tnOYAM7lbvUmCYnRRagp" alt=""><figcaption><p>Restricting API key access</p></figcaption></figure>

## Enabling 2 Factor Authentication

As users, prioritizing security is essential; thus, we strongly recommend enabling two-factor authentication (2FA) on your account for enhanced protection. To activate this feature, navigate to the **Settings > Security** section of your dashboard as shown in the accompanying image below. In this area, you can set up 2FA, which adds an extra layer of security beyond just your password. Initially, this option is not activated by default, so it's important to enable it and scan the QR code that shows up, with your choice of authenticator system/app, to safeguard your account effectively.

<figure><img src="/files/NUpliIqJKqYoh9S1L2iv" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lambahq.com/getting-started/recommended-security-considerations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.