Security
Security is not a feature — it's our foundation. Explore our comprehensive security practices, audits, and bug bounty program.
Security Architecture
No Long-Lived Keys
Eliminate API key theft by removing static credentials entirely. Every request is cryptographically signed.
Ed25519 Signatures
Industry-standard elliptic curve cryptography with hardware enclave support for key storage.
Zero Trust Architecture
Every request is verified independently. No session state means no session hijacking.
Hardware Security
Validator nodes require HSM or TEE for key management. Private keys never leave secure enclaves.
Rate Limit Immune
Payment-based access control makes DDoS attacks economically infeasible.
Privacy Preserving
Zero-knowledge proofs for balance verification. Transaction details remain private.
Independent Security Audits
Trail of Bits
Full Protocol Audit
December 2025
OpenZeppelin
Smart Contract Audit
November 2025
Sigma Prime
Cryptographic Review
October 2025
Bug Bounty Program
We reward security researchers who help keep Apiosk safe. Our program is managed through Immunefi and pays out up to $100,000 for critical vulnerabilities.
Remote code execution, fund theft
Privilege escalation, data breach
Logic errors, minor fund risk
Best practice violations
In Scope
To 23 researchers since program launch
Regulatory Compliance
SOC 2 Type II
Certified
GDPR
Compliant
ISO 27001
In Progress
CCPA
Compliant
Security Contact
For responsible disclosure of security vulnerabilities, please contact our security team directly.
PGP Key: 0x8A2B...F91C