Security
We follow industry best practices to maintain a high level of security:
- We support OAuth 2.0 authentication.
- We use fine-grained access control to authorise access to resources.
- Our API is only accessible over HTTPS, and data is encrypted in-transit using TLS.
- We rate limit and throttle sensitive API end-points to prevent abuse.
- We use encryption at rest to encrypt sensitive data in our database.
- We keep an audit log of changes to resources.
- We store logs for significant events that occur within our API and systems.