API security

There are many security measures put in place at Transloadit for the purpose of communicating with our APIs.

  • HTTPS: All of our API endpoints are accessible via HTTPS with A+ grading on SSL Labs to ensure encryption in transit.
  • Signatures: You can ensure that no one else sends requests on your behalf or tampers with them by signing requests. Signature Authentication can be enabled for your entire Workspace or for specific Templates only.
  • Auth Scopes: API Auth Keys can be configured to be allowed access only to certain API endpoints.
  • 2FA: We have two factor authentication put in place to protect your logins.
  • GDPR compliance: We hold on to the least amount of data possible. Read more on this in our Privacy Policy.
  • Collaborators: People helping in your Workspace have their own login accounts with Two factor authentication. There are no shared passwords, and you can configure roles with specific permissions for each collaborator.
  • Sudo mode: To make drastic changes to the settings of your Workspace on transloadit.com you need to re-enter your password once every 15min.
  • Allowed domains: You can make Templates reject unrecognized HTTP Referer values.
  • Bill limits: You can configure bill limits that β€” once reached β€” prevent any new Assemblies from being created in your Workspace.

Learn more about security at Transloadit.