Flag of Ukraine

API security

There are many security measures deployed at Transloadit. For the purpose of communicating with the REST API, it is important to note that:

  • All of our endpoints listed below are accessible via HTTPS with A+ grading on SSL Labs to ensure encryption in transit.
  • With Signature Authentication, you can ensure no one else is sending requests on your behalf, or tampering with them. You can make Templates require valid Signatures.
  • We hold on to the least amount of data possible. Read more on this in our Privacy Policy.
  • You can make Templates reject unrecognized HTTP Referer values (although some browsers do not send these, in which case you are better off rolling out Signature Authentication).
  • You can set a bill limit, after which Transloadit stops processing anything. We're happy to scale up with your usage, but bill limits are a good way to prevent "infinite loop"-type bugs from making you (and/or us) go bankrupt 😄