Security
Security at ApplianceAPI
We take the security of your data and API access seriously. Here is how we protect the ApplianceAPI platform and the data flowing through it.
Transport Security
All API communication is encrypted in transit.
- HTTPS enforced on every endpoint
- TLS 1.2 minimum, TLS 1.3 preferred
- HSTS headers enabled
- No plaintext HTTP connections accepted
API Authentication
Every API request is authenticated with a unique key.
- One API key per account
- Keys are revocable at any time
- No shared credentials between accounts
- Keys transmitted only in request headers
Access Controls
Rate limiting and abuse prevention protect the platform.
- Per-key rate limiting
- Request throttling on all endpoints
- Automatic abuse detection
- CSRF protection on web interfaces
Data Handling
We collect and store only what is needed to deliver structured appliance data.
- No personally identifiable information (PII) stored from API queries
- Appliance model and product data only
- No user behavior tracking via the API
- Data encrypted at rest
Logging & Monitoring
We log API activity for security and debugging purposes.
- Request logging for abuse detection
- No sensitive data in log records
- Regular log review and retention policies
- Error monitoring and alerting
Privacy Posture
We respect user privacy and minimize data collection.
- We do not sell or share API usage data
- Cookie consent with Google Consent Mode v2
- Minimal data collection — only what the product requires
- GDPR-aware design principles
Security Inquiries
If you have questions about our security practices or want to report a vulnerability, contact us at support@applianceapi.com.