Documentation Menu↓
Security
Internal Infrastructure Control Practices
How we secure server access keys and run tests.
Difficulty:
|Intermediate
Est: 9 mins
|Updated July 2026
Overview
This section details authentication security, rate limits, session management, and API endpoints validation checks.
Security Protocols
- Session Tokens: Authentication tokens are stored inside HTTP-Only, Secure cookies to prevent Cross-Site Scripting (XSS) retrieval.
- Rate Limiting: Endpoints are protected against brute-force calls using API request velocity caps:
text
Auth routes: Capped at 5 requests/minute per IPAudit routes: Capped at 15 requests/minute per userUser Responsibilities
- Enable Two-Factor Authentication (2FA) inside settings.
- Verify magic link login requests are originating from your own device actions.
Related Guides
Was this page helpful to your workflow?