API Security

The following are a few of the mechanisms and procedures we employ in our Bridge API to keep it secure.

Segregated Secure Processor

All sensitive operations are performed in a secure, non-internet facing compute layer.

Key Rotation Policy

We allow 2 active keys at once so integrators can rotate their keys inline with their corporate policies with zero down time.

WAF & Monitoring

We have proactive monitoring across the infrastructure.

A Web Application Firewall helps prevent DDoS attacks and detects common attacks such as SQL injection attempts and brute force attempts.

Securely Stored Audit Logs

Audit logs are stored in a separate, private subnet with no inbound internet access.

Encryption In Transit and At Rest

We use HTTPS (TLS) for encryption in transfit and AES-256 for encryption at rest.

3rd Party Security Audit

Regular 3rd party security audits are performed against the Bridge.

Last updated