> ## Documentation Index
> Fetch the complete documentation index at: https://docs.xquik.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Report a security issue

> Report vulnerabilities affecting Xquik documentation, APIs, MCP, OAuth, webhooks, or SDKs.

Report issues affecting Xquik's application programming interface (API), Model Context Protocol (MCP) server, OAuth 2.1 flows, webhooks, software development kits (SDKs), or documentation to [security@xquik.com](mailto:security@xquik.com).

Do not open a public issue, discussion, or pull request for a vulnerability.

## What to include

Include these details when available:

* A clear description of the issue
* Reproduction steps and affected URLs
* Request and response samples with secrets removed
* The affected endpoint, SDK version, or documentation page
* The expected impact
* A suggested mitigation

Never send API keys, passwords, session cookies, or personal data.

## Response targets

Xquik reviews private reports against these targets:

* Acknowledgement within 24 hours
* Initial triage within 72 hours
* A mitigation plan after triage

Critical issues receive immediate priority.

## Scope

The security contact covers:

* `docs.xquik.com`
* The Xquik REST API
* The Xquik MCP server
* OAuth 2.1 flows
* Webhook signature verification
* Published Xquik SDKs

Send product support questions to [support@xquik.com](mailto:support@xquik.com).

## Safe harbor

Xquik supports good-faith security research that avoids privacy violations, data destruction, and service interruption. Allow reasonable time for remediation before public disclosure.
