Security considerations

Authentication

The Feed API uses Bearer Token authentication based on the OAuth 2.0 protocol. Every API request must carry a valid access token in the Authorization header; requests without one are not authenticated.

Token Management Details:

  • Type: Bearer Token (OAuth 2.0)
  • Header Format: Authorization: Bearer <token>
  • Token Lifetime: 1 hour
  • Refresh Strategy: Obtain a new token before the current one expires
  • Storage: Keep tokens in secure storage; never hardcode tokens in your application
  • Transmission: Always use HTTPS; never transmit tokens over plain HTTP
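As an added example (not code from the Feed API documentation or its client library), the following Python helper applies the token rules above: it keeps the token in memory only, obtains a new one before the 1-hour lifetime ends, and refuses to attach the Authorization header to any URL that is not HTTPS. The fetch_token callable, the 5-minute refresh margin and the example URLs are assumptions.

```python
import time
from typing import Callable, Dict, Optional
from urllib.parse import urlsplit

TOKEN_LIFETIME_SECONDS = 3600   # Feed API token lifetime: 1 hour
REFRESH_MARGIN_SECONDS = 300    # assumed margin: refresh 5 minutes before expiry


class FeedApiAuth:
    """Holds a bearer token in memory (never hardcoded) and refreshes it before it expires."""

    def __init__(self, fetch_token: Callable[[], str],
                 now: Callable[[], float] = time.time) -> None:
        # fetch_token is assumed to call the OAuth 2.0 token endpoint and return an access token
        self._fetch_token = fetch_token
        self._now = now
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def token(self) -> str:
        """Return a token that is still valid, refreshing it ahead of expiry."""
        if self._token is None or self._now() >= self._expires_at - REFRESH_MARGIN_SECONDS:
            self._token = self._fetch_token()
            self._expires_at = self._now() + TOKEN_LIFETIME_SECONDS
        return self._token

    def headers_for(self, url: str) -> Dict[str, str]:
        """Build the Authorization header, but only for HTTPS destinations."""
        if urlsplit(url).scheme != "https":
            # Never transmit tokens over HTTP: fail closed instead of leaking the token
            raise ValueError("Feed API tokens may only be sent over HTTPS: %s" % url)
        return {"Authorization": "Bearer " + self.token()}
```

Pass the returned headers to whatever HTTP client you use; the refresh happens transparently the first time a request is built inside the margin.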

Data Protection

Data protection is a critical aspect of the Feed API. All data transmission is encrypted, and access is logged for audit purposes.

Data Protection Measures:

  • Encryption in Transit: All requests must use HTTPS/TLS encryption
  • Data Retention: Data is retained for a maximum of 7 days in the SCALAR buffer
  • PII Handling: Ensure compliance with GDPR and other local regulations when processing personally identifiable information
  • Audit Logging: All API access is logged and auditable for security and compliance purposes