Security Information
Details on the API's encryption and security protocols.
Encryption in Transit
The minimum negotiated Transport Layer Security (TLS) version that we support is TLS 1.2 using only the following ciphers:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-RSA-AES256-SHA384
Access Token Expiry
Access tokens are valid for 1 hour.
IP Whitelisting
We do not support IP whitelisting.
Audit
We log and trace all requests and errors across all components that comprise the Culture Amp Public API. We use this information to monitor and improve the service and for chain of custody purposes. We do not share this information with third parties.
Other
Our API sits behind our Web Application Firewall (WAF) and undergoes regular penetration testing via a third party.
Updated 8 months ago