Security
How Stackhooks protects your data, API keys, and infrastructure.
API key security
API keys are hashed with SHA-256 before storage. The original key is shown once at creation and never stored in plaintext. Revoke any key instantly from your dashboard.
Encryption in transit
All traffic is encrypted with TLS 1.3. HTTPS is enforced on every endpoint — API, dashboard, and marketing site. No plaintext connections are accepted.
DDoS protection
Enterprise-grade DDoS mitigation protects all endpoints. Automatic traffic analysis blocks malicious requests before they reach the application.
Rate limiting
Per-key rate limits prevent abuse and protect system resources. Limits are enforced per minute and per day with clear headers on every response.
Minimal data collection
We store only what's needed: hashed API keys, usage counters, and account info. We don't log request bodies or cache your API responses beyond standard edge caching.
Edge isolation
Each request runs in an isolated V8 context at the edge. No shared memory between requests, no persistent processes, no traditional server attack surface.
Responsible disclosure
Found a security issue? Please report it to security@stackhooks.com. We take all reports seriously and will respond within 48 hours.
Related
Start building today
Create a free account and start pulling structured Substack data in minutes.