Security & Compliance
Enterprise-grade security built for the most demanding compliance requirements. Pass audits with confidence.
Architecture
All API credentials are encrypted using AES-256-GCM before storage. Each tenant has a unique encryption key derived from a master key using HKDF. Even in the unlikely event of database compromise, credentials remain protected.
All API communication uses TLS 1.3 with perfect forward secrecy. Credentials are never transmitted in plaintext. Automatic certificate rotation and HSTS enforcement prevent downgrade attacks.
Every request is authenticated and authorized independently. No implicit trust based on network location. IP allowlisting, client identification, and route-level access controls ensure only authorized requests succeed.
// Every request requires multi-layer authentication const request = { headers: { 'X-KnoxCall-API-Key': 'kc_...', // API key auth 'X-KnoxCall-Client-ID': 'device-123', // Client tracking 'X-KnoxCall-Route': 'stripe-charge' // Route authorization } }; // Automatic checks before proxying: // 1. API key valid & not revoked // 2. Client IP in allowlist (if configured) // 3. Route exists & tenant has access // 4. Rate limits not exceeded // 5. Request signing validated (if enabled)
Every API request, credential access, and configuration change is logged with cryptographic integrity protection. Logs are append-only and retained for compliance requirements (30-365 days configurable).
Compliance
Here's what KnoxCall automatically handles for your compliance requirements:
AES-256-GCM encryption with HSM-backed keys and automatic rotation. Meets or exceeds all major compliance standards for data encryption.
Role-based access control (RBAC), IP allowlisting, and client-level restrictions. Audit trail shows who accessed what and when.
Comprehensive logging of all API calls, configuration changes, and credential access. Tamper-evident logs with configurable retention (30-365 days).
Multi-region deployment with data residency guarantees. EU customers can ensure data never leaves European servers.
Real-time alerts for suspicious activity, rate limit violations, and authentication failures. Multi-channel notifications (Email, SMS, Slack).
Customers can delete all data on demand via the dashboard. Complete erasure of all routes, credentials, audit logs, and account data. GDPR Article 17 compliant.
Regular security assessments and vulnerability scanning. Annual third-party penetration testing scheduled. Contact us for the most recent security assessment summary.
BAA available for healthcare customers upon request. Sensitive field masking in audit logs and encrypted credential storage for healthcare API integrations.
Additional
OAuth2 tokens are automatically refreshed 5 minutes before expiration. Refresh tokens are encrypted and stored separately from access tokens. Supports Google, Microsoft, Salesforce, and custom OAuth2 providers.
Configurable rate limits per route, per client, or globally. Automatic DDoS mitigation with challenge-response for suspicious traffic patterns. Cloudflare integration for additional protection.
HMAC-SHA256 request signing prevents tampering and replay attacks. Configurable signature headers and nonce validation ensure requests are fresh and authentic.
Every tenant gets its own master key. Crypto Keys, Vault tokens, webhook secrets, and ephemeral payloads are envelope-encrypted under it. Bring-your-own-key (BYOK) via AWS KMS, GCP KMS, or Azure Key Vault on Enterprise. Cryptographic erasure: destroy the master key and every dependent ciphertext becomes permanently unreadable.
Crypto Keys v2 supports RSA-2048/3072/4096, ECDSA P-256/P-384, and Ed25519. Sign JWTs (RS256, ES256, EdDSA) with full alg-confusion defence: alg:none rejected unconditionally, header alg bound to key type, kid bound to verification version. Public keys exportable as PEM and JWK.
Vaults swap PCI cards, SSNs, and emails for tokens that pass the same validation as the originals — Luhn-valid card tokens with BIN+last4 preserved, SSN tokens that always start with 9XX (never collide with real SSNs), email tokens with domain preserved for analytics. Drop-in replacement for sensitive columns; PCI scope reduction without schema changes.
Inbound webhooks from Stripe, GitHub, Slack, AWS-SNS, or custom HMAC schemes are verified at the edge using constant-time comparison. Formats with timestamps (Stripe, Slack) enforce a configurable replay window (default 300s, capped 86400s). Failed verifications audit with the precise reason code: replay_window_exceeded, no v1 signature matched, etc.
Routes, Ephemeral Proxy, and inbound-webhook forwarding all share the same SSRF guard: HTTPS only, hostname must resolve publicly, private (RFC1918) / link-local / loopback / metadata-IP (169.254.169.254) addresses blocked. DNS-pinning prevents TOCTOU rebinding attacks.
Every AI Gateway agent issues kc_live_a_… capability keys with embedded scopes (provider, model, max-cost-per-day, IP CIDRs, valid time windows). RFC 9449 DPoP binds each key to a private key in the OS keychain — a stolen key without the matching private half is inert. Refresh rotation with theft detection invalidates the entire credential family on reuse.
Per-stream finite-state machine + 96-char sliding hold-back buffer detects PII spanning SSE chunk boundaries before any token leaves the gateway. Aho-Corasick → regex+checksum → Microsoft Presidio sidecar runs in your VPC. Reversible mode tokenizes via FF3-1 with the per-tenant Vault key — the LLM only ever sees tokens; the customer sees the original PHI.
One-click recognizer sets for HIPAA Safe Harbor (18 identifiers + 30 common MRN/health-plan formats), PCI (PAN + CVV + ABA routing + 1-year retention), GDPR (EU national IDs + addresses + RTBF), SOC 2 (audit controls + access reviews). Every redaction logs entity type, span, recognizer, and confidence — never the plaintext value.
Heuristics catch obvious "ignore previous instructions" patterns in microseconds. Per-tenant deterministic canary tokens injected into system prompts trip a critical alert if the model echoes them — extraction in flight is detected on the response stream and the request is killed before completion.
Start securing your APIs with enterprise-grade compliance. HIPAA and GDPR ready, SOC 2 aligned architecture included.