We take security seriously at APIVerve. If you discover a security vulnerability, please report it responsibly.
Email: security@apiverve.com
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Resolution Timeline: Depends on severity, typically 30-90 days
This policy applies to:
- APIVerve REST APIs (api.apiverve.com)
- APIVerve websites (apiverve.com, docs.apiverve.com, dashboard.apiverve.com)
- Official SDKs and client libraries
- Social engineering attacks
- Denial of service attacks
- Issues in third-party dependencies (report to upstream)
- Issues requiring physical access
We will not take legal action against researchers who:
- Act in good faith
- Avoid privacy violations and data destruction
- Do not exploit vulnerabilities beyond proof of concept
- Report findings promptly and privately
When using APIVerve APIs:
- Protect your API key - Never expose it in client-side code
- Use HTTPS - All API calls should use HTTPS
- Rotate keys - Periodically rotate your API keys
- Monitor usage - Check your dashboard for unusual activity
- Security issues: security@apiverve.com
- General support: hello@apiverve.com