Security - Web Hook Box
Security & Privacy
Web Hook Box takes security and privacy seriously. This document outlines our security practices and provides guidance on securely using our service.
Data Security
We implement multiple layers of security to protect your webhook data:
Transport Security
- TLS 1.3 for all connections
- HTTPS-only connections enforced
- Modern cipher suites
- HSTS headers implemented
Authentication
- Firebase Authentication integration
- Multi-provider OAuth support
- Secure token handling
- Session timeout protection
API Token Security
Our API token system is designed with security best practices in mind:
Token Generation & Storage
- Cryptographically secure random generation
- Tokens are hashed before storage
- Only shown once at generation time
- Hidden by default in UI with show/hide toggle
- Immediate revocation capability
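The token handling listed above (secure random generation, hash-only storage, one-time display, immediate revocation) can be pictured with the following added example. It is not Web Hook Box's own code: the `TokenStore` class, the `id.secret` token layout and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TokenStore:
    """Hypothetical in-memory stand-in for a table of token hashes."""

    def __init__(self):
        self._hashes = {}  # token_id -> SHA-256 hex digest of the secret part

    @staticmethod
    def _digest(secret: str) -> str:
        # A fast hash is adequate only because the secret is 256 random bits;
        # low-entropy values such as passwords need a slow KDF instead.
        return hashlib.sha256(secret.encode("utf-8")).hexdigest()

    def issue(self) -> str:
        """Create a token, keep only its hash, return the plaintext once."""
        token_id = secrets.token_hex(8)      # public lookup key
        secret = secrets.token_urlsafe(32)   # CSPRNG output, never stored
        self._hashes[token_id] = self._digest(secret)
        return f"{token_id}.{secret}"        # assumed layout: id.secret

    def verify(self, presented: str) -> bool:
        token_id, sep, secret = presented.partition(".")
        stored = self._hashes.get(token_id)
        if not sep or stored is None:
            return False
        # Constant-time comparison avoids leaking how many characters match.
        return hmac.compare_digest(stored, self._digest(secret))

    def revoke(self, presented_or_id: str) -> None:
        """Delete the hash; the token stops verifying immediately."""
        self._hashes.pop(presented_or_id.partition(".")[0], None)


def demo():
    store = TokenStore()
    token = store.issue()                 # the only time plaintext exists
    valid = store.verify(token)
    tampered = store.verify(token + "x")  # altered secret must fail
    store.revoke(token)
    return valid, tampered, store.verify(token)


if __name__ == "__main__":
    print(demo())
```

Because only the digest is kept, a copy of the stored table does not yield usable tokens, and a lost token can only be replaced, not recovered.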
Best Practices for Users
- Treat API tokens like passwords
- Never store tokens in client-side code
- Use environment variables for token storage
- Rotate tokens periodically
- Revoke tokens when no longer needed
- Use separate tokens for different applications
Important Security Notice
Your API token provides full access to your account's API functionality. Never share your token with others, include it in public repositories, or expose it in client-side code.
User Account Security
Your account security is enhanced through several features:
Profile Management
Your profile page provides secure access to account information and API token management.
- Securely view and manage your account information
- Generate and revoke API tokens
- View your account creation date
Firebase Authentication
We leverage Firebase Authentication for secure account management:
- Email and password authentication with security best practices
- OAuth integration with Google and GitHub
- Secure password reset workflows
- Token-based authentication with secure handling
Privacy Policy
For more information about how we handle your data, please refer to our Privacy Policy.