There are many security measures deployed at Transloadit. For the purpose of communicating with the REST API, it is important to note that:
- All of our endpoints listed below are accessible via HTTPS with A+ grading on SSL Labs to ensure encryption in transit.
- With Signature Authentication, you can ensure no one else is sending requests on your behalf, or tampering with them. You can make Templates require valid Signatures.
- You can make Templates reject unrecognized HTTP Referer values (although some browsers do not send these, in which case you are better off rolling out Signature Authentication).
- You can set a bill limit, after which Transloadit stops processing anything. We're happy to scale up with your usage, but bill limits are a good way to prevent "infinite loop"-type bugs from making you (and/or us) go bankrupt 😄