Security

Encryption

All sensitive data is encrypted using 2048-bit keys, which allows us to provide a secure environment for the client. Submitted credentials are never saved within the system as plain text; they are always encrypted using an asymmetric encryption algorithm. If there is something wrong with the client’s data, the client is notified with a specific message.

We are continuously monitoring Spectre API, securing it from malware attacks, and constantly updating the security layers of our infrastructure. Salt Edge offers you a stable and attack-proof environment where you can keep all your credentials intact, and hidden from a potential attacker.

Certificate

We recommend that you check the Salt Edge SSL certificate fingerprint on every connection.

HTTP Public Key Pinning (HPKP)

Salt Edge returns a Public-Key-Pins header in all of its responses. Modern browsers like Chrome and Firefox already use it to validate the public key of the Salt Edge certificate. Additionally, you can use this header to validate the certificate on your backends during API consumption. For more information, see https://developer.mozilla.org/en-US/docs/Web/HTTP/PublicKeyPinning.
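An added example (not Salt Edge code) of the backend check described above: it slices the SubjectPublicKeyInfo out of a DER certificate, computes its pin-sha256 value, and compares it with the pins parsed from a Public-Key-Pins header value. The function names and the sample DER skeleton are constructed for illustration, and the example assumes the pin set was recorded from an earlier trusted response rather than from the connection being checked.

```python
import base64, hashlib, re

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_from_cert(cert):
    """Slice the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    _, pos, _ = _tlv(cert, 0)              # Certificate SEQUENCE
    _, pos, _ = _tlv(cert, pos)            # tbsCertificate SEQUENCE
    tag, _, after = _tlv(cert, pos)
    if tag == 0xA0:                        # optional explicit [0] version
        pos = after
    for _field in range(5):                # serialNumber, signature, issuer, validity, subject
        _, _, pos = _tlv(cert, pos)
    _, _, end = _tlv(cert, pos)
    return cert[pos:end]

def spki_pin(cert):
    """base64(SHA-256(SubjectPublicKeyInfo)), the value carried in pin-sha256."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(cert)).digest()).decode()

def parse_pins(header):
    """Return (set of pin-sha256 values, max-age) from a Public-Key-Pins header value."""
    pins = set(re.findall(r'pin-sha256\s*=\s*"([A-Za-z0-9+/]{43}=)"', header, re.I))
    age = re.search(r'max-age\s*=\s*"?(\d+)', header, re.I)
    if age is None or len(pins) < 2:       # RFC 7469: max-age is required, as is a backup pin
        raise ValueError("invalid Public-Key-Pins header")
    return pins, int(age.group(1))

def cert_matches_pins(cert, pins):
    """True if the certificate's SPKI pin is one of the pinned values."""
    return spki_pin(cert) in pins

# Constructed sample (not a real certificate): a DER skeleton with placeholder fields.
def _der(tag, body=b""):
    return bytes([tag, len(body)]) + body  # short-form length, bodies under 128 bytes

SAMPLE_SPKI = _der(0x30, _der(0x30, _der(0x06, b"\x2a")) + _der(0x03, b"\x00" + b"K" * 16))
_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30) * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _TBS + _der(0x30) + _der(0x03, b"\x00"))
```

In a Python client the DER bytes come from `ssl.SSLSocket.getpeercert(binary_form=True)`. Pins may refer to any certificate in the chain, so a leaf-only check can miss a pin placed on an intermediate or root key.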

Vulnerability rewards

The Salt Edge staff has built a strong and reliable shield for the whole application. We appreciate those who find potential security weaknesses in the system, and Salt Edge will reward you for reporting any such issue.

As with most security programs, some restrictions apply. Only the first person who reports a bug will be rewarded for disclosing that issue within Salt Edge security.

We appreciate your help in keeping Salt Edge a safe environment for your financial data.

If you have found a bug, please contact us in order to benefit from the Vulnerability rewards program.