Security and Encryption Practices
Security is fundamental to our platform design, and we've implemented comprehensive encryption and security measures throughout our infrastructure.
Refresh Token Encryption
Apideck encrypts all refresh tokens using advanced symmetric encryption.
Our platform utilizes AES-256-CTR encryption for all sensitive data, including refresh tokens. This industry-leading encryption standard provides robust protection for all authentication credentials and ensures that tokens remain secure both in transit and at rest.
Encryption Key Management
Apideck employs enterprise-grade key management practices.
Our encryption keys are securely stored and managed through AWS Systems Manager Parameter Store, a dedicated secrets management service.
This approach ensures:
- Centralized key management with strict access controls
- Automatic key rotation capabilities
- Comprehensive audit logging of all key access
- Encryption at rest for the keys themselves
- Role-based access ensuring only authorized services can retrieve keys
This separation of keys from encrypted data follows security best practices and provides an additional layer of protection.
SSL/TLS Implementation
The Apideck application servers use modern TLS encryption with strong cryptographic standards.
Our infrastructure is configured with:
- TLS 1.3 support on our load balancers for maximum security
- TLS 1.2 minimum across all endpoints
- AES-256 encryption for all encrypted connections
- SHA-256 hashing and stronger cryptographic functions
- Perfect Forward Secrecy to protect past communications even if keys are compromised
Additional Security Measures
Beyond these specific requirements, our security framework includes:
- End-to-end encryption where sensitive data is encrypted at the application layer before database storage
- Mutual TLS support for enterprise integrations requiring client certificate authentication
- Web Application Firewall (WAF) protection across our infrastructure
- Comprehensive logging and monitoring with encrypted log storage
- Infrastructure-level encryption for file storage and data streams
Our Security Commitment
We understand that security isn't just about meeting requirements—it's about protecting your data and maintaining your trust. Our security measures are designed to provide defense-in-depth protection, ensuring that sensitive information remains secure at every layer of our platform.
Our development and operations teams continuously monitor security best practices and update our implementations to address emerging threats and maintain the highest security standards.