API

Security

We follow industry best practices to maintain a high level of security:

  • We support OAuth 2.0 authentication.
  • We use fine-grained access control to authorise access to resources.
  • Our API is only accessible over HTTPS, and data is encrypted in-transit using TLS.
  • We rate limit and throttle sensitive API end-points to prevent abuse.
  • We use encryption at rest to encrypt sensitive data in our database.
  • We keep an audit log of changes to resources.
  • We store logs for significant events that occur within our API and systems.