From 08258d8c7fb34d13cf4f0756f2774e7281b2efb2 Mon Sep 17 00:00:00 2001
From: Aljaz Ceru <aljaz@ceru.si>
Date: Wed, 28 May 2025 09:59:10 +0200
Subject: [PATCH] secrets and security

---
 README.md     | 3 +++
 fly/README.md | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 108fc6f..b702e9d 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,9 @@ Breez Payments Rest API is a REST API on top of [Breez Nodeless SDK](https://git
 ## API documentation
 OpenAPI documentation is generated on every instance at ```<api-url>/docs```. It can also be downloaded [here](./openapi.json).
 
+## API Key Security
+
+X-API-KEY header serves as authorization method for accessing the API. Anyone that knows the API url and API_SECRET can access your funds, so make sure to protect this secret and to generate a unique and long string. You can use generators like [this](https://1password.com/password-generator) or this(https://www.uuidgenerator.net/).
 
 
 ## Deployment options
diff --git a/fly/README.md b/fly/README.md
index dbd6326..fa7da5d 100644
--- a/fly/README.md
+++ b/fly/README.md
@@ -5,8 +5,8 @@ This document explains deploying breez payments api to fly.io
 
 - Python 3.10+ 
 - Poetry (package manager)
-- Breez Nodeless SDK API key (get one from [Breez](https://breez.technology/))
-- A valid seed phrase for the Breez SDK wallet
+- [Breez Nodeless SDK API key ](https://breez.technology/request-api-key/#contact-us-form-sdk)
+- 12 words BIP 39 seed ( use [Misty Breez](https://github.com/breez/misty-breez) to generate it)
 
 ## Installation