Security
Security basics that matter on day one.
The platform covers the security fundamentals customers expect from a serious API product: key protection, server-side secret handling, authenticated dashboards, and request traceability.
Hashed API keys
Keys are stored as SHA-256 hashes and only revealed once at creation.
Server-side upstream secrets
Upstream provider credentials never leave the server and can be swapped without touching the customer API surface.
Session cookies
Dashboard auth uses httpOnly cookies with server-side session storage.
Immutable request logs
Each request records model, input/output tokens, wallet value, latency, and failures for support and billing review.