API security

There are many security measures deployed at Transloadit. For the purpose of communicating with the REST API, it is important to note that:

• All of our endpoints listed below are accessible via HTTPS with A+ grading on SSL Labs to ensure encryption in transit.
• With Signature Authentication, you can ensure no one else is sending requests on your behalf, or tampering with them. You can make Templates require valid Signatures.
• We hold on to the least amount of data possible. Read more on this in our Privacy Policy.
• You can make Templates reject unrecognized HTTP Referer values (although some browsers do not send these, in which case you are better off rolling out Signature Authentication).
• You can set a bill limit, after which Transloadit stops processing anything. We're happy to scale up with your usage, but bill limits are a good way to prevent "infinite loop"-type bugs from making you (and/or us) go bankrupt 😄