πŸŽ‰ Our Chrome Extension is here! Get live market prices right in your browser.Install Now
RealMarketAPI
Security

Security

Last updated: April 7, 2026

1. Infrastructure Security

  • All traffic is encrypted in transit using TLS 1.2 or higher.
  • Services are hosted on hardened cloud infrastructure with network-level isolation and DDoS protection.
  • Environments are separated β€” production, staging, and development are fully isolated.
  • Access to production systems is restricted to authorized personnel only, using role-based access controls.

2. Application Security

  • Input validation and output encoding are applied throughout the application to prevent injection attacks.
  • Rate limiting is enforced on all API endpoints to prevent abuse and brute-force attacks.
  • Security headers (CSP, HSTS, X-Frame-Options, etc.) are applied to all HTTP responses.
  • Dependencies are regularly audited and updated to address known vulnerabilities.

3. Authentication & API Keys

  • Passwords are hashed using a strong, salted algorithm. Plain-text passwords are never stored.
  • API keys are generated with cryptographically secure random number generation.
  • API keys are hashed at rest. Only you see the full key on creation β€” we cannot retrieve it for you.
  • You can revoke and regenerate API keys from your dashboard at any time.

4. Data Protection

  • We never store payment card numbers, CVVs, or sensitive payment instrument details. Payments are processed entirely by PayPal.
  • Data at rest is encrypted using industry-standard encryption.
  • Access to user data is restricted to personnel who require it to provide the service.
  • Audit logs are maintained to track access to sensitive data.

5. Operational Security

  • System health and anomalous activity are continuously monitored via automated alerting.
  • Security patches are applied promptly following disclosure of critical vulnerabilities.
  • Regular backups are performed and tested for recoverability.
  • An incident response process is in place to handle and communicate security events.

6. Customer Best Practices

To keep your account and API keys secure, we recommend:

  • Use a strong, unique password and enable two-factor authentication where available.
  • Never share your API key publicly or commit it to version control.
  • Store API keys in environment variables or a secrets manager, not in code.
  • Rotate your API key immediately if you suspect it has been compromised.
  • Restrict API key permissions to only what your application requires.

7. Responsible Disclosure

If you discover a security vulnerability, please report it to us responsibly. Contact us via the contact page with a detailed description of the issue. We will acknowledge your report promptly and work to address confirmed vulnerabilities. We ask that you do not publicly disclose vulnerabilities until we have had a reasonable opportunity to remediate them.

Feedback