# API Security

The following are a few of the mechanisms and procedures we employ in our Bridge API to keep it secure.

## Segregated Secure Processor

All sensitive operations are performed in a secure, non-internet-facing compute layer.

## Key Rotation Policy

We allow 2 active keys at once so integrators can rotate their keys in line with their corporate policies with zero downtime.

## WAF & Monitoring

We have proactive monitoring across the infrastructure.

A Web Application Firewall helps prevent DDoS attacks and detects common attacks such as SQL injection attempts and brute-force attempts.

## Securely Stored Audit Logs

Audit logs are stored in a separate, private subnet with no inbound internet access.

## Encryption In Transit and At Rest

We use HTTPS (TLS) for encryption in transit and AES-256 for encryption at rest.

## 3rd Party Security Audit

Regular 3rd party security audits are performed against the Bridge.
