Platform Security

You need to authenticate requests to interact with the Truvity platform securely. This page dives into authentication and authorization considerations, and provides best practices to protect your keys.

Authentication

To authenticate your API requests, include an API key that you can retrieve from the Admin Panel. If you need to generate an API key, refer to the Create API Keys guide.

Authorization

Currently, the Truvity platform does not support role-based access or authorization scopes. The API key itself grants full access to the system. In the future we will introduce authorization controls.

Security considerations

API keys grant full access to your data, so it is critical to protect them carefully. If someone else obtains your API key, they can access and modify your wallet information. Here are some best practices to follow:

  • Limit Access: Only share API keys with trusted team members or systems. Keep them out of version control systems and avoid sharing them in public repositories.

  • Frontend vs. Backend Usage: It is okay to use API keys directly in frontend applications when building prototypes or in a secured environment. However, avoid exposing API keys on the frontend for public-facing applications. Anyone who can inspect the network traffic in a browser can extract the key and misuse it.

  • Use an API Proxy: For more secure applications, consider using an API proxy. An API proxy acts as an intermediary between your application and the Truvity Cloud API, adding authentication headers securely on the server side. This way, your API key remains hidden from public exposure.

Best Practice: Implement an API proxy when deploying your application to the public. The proxy will handle requests from your app and forward them to the Truvity Cloud API, adding the necessary authentication headers on your behalf.
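A minimal sketch of such a proxy in Node.js (18 or later, for the built-in fetch), added here as an illustration and not taken from Truvity's own code. The upstream base URL, the name of the API key header, the environment variable names and the allowed routes are all assumptions to replace with the values for your account and application.

```javascript
// Added example. Routes, env var names and header name are assumptions.
const ALLOWED = [ // hypothetical routes the public app is permitted to reach
  { method: "GET", path: /^\/credentials\/[A-Za-z0-9-]+$/ },
  { method: "POST", path: /^\/credentials\/search$/ },
];
const FORWARD = ["accept", "content-type"]; // only these client headers pass through

// Decide whether a request may be forwarded and build the upstream request.
function buildUpstreamRequest(req, cfg) {
  // URL parsing normalizes "../" segments before the allowlist check.
  const url = new URL(req.url, "http://proxy.invalid");
  const ok = ALLOWED.some((r) => r.method === req.method && r.path.test(url.pathname));
  if (!ok) return { status: 403 }; // the key grants full access, so deny by default
  const headers = {};
  for (const name of FORWARD) {
    if (req.headers[name] !== undefined) headers[name] = req.headers[name];
  }
  headers[cfg.keyHeader.toLowerCase()] = cfg.apiKey; // added server-side only
  return { status: 200, method: req.method, url: cfg.upstream + url.pathname + url.search, headers };
}

// Returns an http.Server; the caller decides where to listen.
async function createProxy(cfg) {
  const http = await import("node:http");
  return http.createServer(async (req, res) => {
    const out = buildUpstreamRequest(req, cfg);
    if (out.status !== 200) return void res.writeHead(out.status).end();
    const chunks = [];
    for await (const chunk of req) chunks.push(chunk);
    const body = chunks.length ? Buffer.concat(chunks) : undefined;
    try {
      const up = await fetch(out.url, { method: out.method, headers: out.headers, body });
      res.writeHead(up.status, { "content-type": up.headers.get("content-type") || "application/json" });
      res.end(Buffer.from(await up.arrayBuffer()));
    } catch {
      res.writeHead(502).end(); // upstream unreachable or request rejected
    }
  });
}

// Usage (config comes from the server environment, never from the client bundle):
// const cfg = { upstream: process.env.UPSTREAM_BASE_URL,
//               keyHeader: process.env.UPSTREAM_KEY_HEADER,
//               apiKey: process.env.UPSTREAM_API_KEY };
// createProxy(cfg).then((server) => server.listen(8080, "127.0.0.1"));
```

Because the key carries full access, anything the proxy forwards runs with that access, so the route allowlist is what limits what a public client can do.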

By following these guidelines, you can ensure secure communication with the Truvity Cloud API while safeguarding your API keys from unauthorized access.