Security

How we protect your data and maintain a secure platform.

Last updated: December 10, 2024

Our Commitment to Security

Security is fundamental to TryAPI. We implement industry-standard security practices to protect your data and ensure the integrity of our platform.

Infrastructure Security

Cloud Infrastructure

TryAPI is hosted on enterprise-grade cloud infrastructure with:

  • SOC 2 Type II certified data centers
  • Redundant systems and automatic failover
  • Geographic distribution for high availability
  • DDoS protection and mitigation

Network Security

We employ multiple layers of network security including firewalls, intrusion detection systems, and continuous monitoring to protect against unauthorized access.

Data Protection

Encryption

  • In Transit: All data transmitted to and from TryAPI is encrypted using TLS 1.3
  • At Rest: All stored data is encrypted using AES-256
  • API Keys: API keys are hashed using bcrypt before storage

Data Isolation

Each customer's data is logically isolated. Strict access controls ensure that users can only access their own data.

Application Security

Secure Development

Our development practices include:

  • Security-focused code reviews
  • Automated security scanning in CI/CD pipelines
  • Dependency vulnerability monitoring
  • Regular security training for developers

Authentication

  • Secure password hashing with bcrypt
  • Multi-factor authentication (MFA) support
  • OAuth 2.0 integration for social login
  • Session management with secure, HTTP-only cookies

API Request Handling

Proxy Security

When TryAPI makes requests on your behalf, we implement security measures to protect both you and the target APIs:

  • Request validation and sanitization
  • Rate limiting to prevent abuse
  • Timeout controls to prevent resource exhaustion
  • No permanent storage of request/response bodies by default

Credential Handling

API credentials entered in playgrounds are:

  • Transmitted only over encrypted connections
  • Never logged or stored in plain text
  • Cleared from memory after request completion

Compliance

TryAPI is designed with compliance in mind:

  • GDPR-compliant data handling
  • CCPA compliance for California residents
  • SOC 2 Type II certification (in progress)
  • Regular third-party security audits

Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 monitoring and alerting
  • Defined escalation procedures
  • Communication protocols for affected users
  • Post-incident review and remediation

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to security@try-api.com. We commit to:

  • Acknowledging receipt within 24 hours
  • Providing regular updates on remediation progress
  • Not pursuing legal action against good-faith reporters
  • Crediting researchers who help improve our security (with permission)

Security Best Practices for Users

To maximize your security when using TryAPI:

  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Use test/sandbox API credentials in playgrounds when possible
  • Review and rotate API keys regularly
  • Be cautious when making playgrounds public

Questions

For security-related questions or concerns, contact our security team at security@try-api.com.