Security

Learn about Metigan's security features and best practices for keeping your application and API keys secure. Security is a top priority at Metigan.

Security Features

Metigan implements multiple layers of security to protect your data and API access:

🔒 Encrypted Connections

All API requests are made over HTTPS using TLS 1.2 or higher. Data is encrypted in transit to prevent interception and tampering.

🔑 API Key Security

API keys are hashed and stored securely. Keys can be rotated, revoked, and scoped to specific permissions. Never expose API keys in client-side code.

🛡️ Input Validation

All inputs are validated and sanitized to prevent injection attacks, XSS, and other security vulnerabilities. Invalid inputs are rejected with clear error messages.

API Key Management

Follow these best practices for managing your API keys securely:

secure-api-key.ts (TypeScript)
// Assumes the Metigan client class is already imported from the SDK.

// ❌ NEVER DO THIS - Exposing API key in code
const hardcodedClient = new Metigan({
  apiKey: 'sk_live_1234567890abcdef' // DON'T HARDCODE KEYS!
});

// ✅ DO THIS - Use environment variables
// Validate that the API key is set before constructing the client
if (!process.env.METIGAN_API_KEY) {
  throw new Error('METIGAN_API_KEY environment variable is required');
}
const metigan = new Metigan({
  apiKey: process.env.METIGAN_API_KEY
});

// ✅ Use different keys for different environments
const envClient = new Metigan({
  apiKey: process.env.NODE_ENV === 'production'
    ? process.env.METIGAN_API_KEY_PRODUCTION!
    : process.env.METIGAN_API_KEY_DEVELOPMENT!
});
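
The per-environment selection above uses `!`, which silences the compiler but lets a missing or wrong key through until the first API call fails. The following is an added example, not Metigan's own code: a startup check that fails fast, refuses a key of the wrong kind for the environment, and returns a masked form for logs. The helper names and the `sk_live_`/`sk_test_` prefix convention are assumptions taken from the sample values on this page.

```typescript
// Added example, not Metigan SDK code. Assumptions: the variable names and the
// sk_live_/sk_test_ prefixes follow the sample values shown on this page.
type Env = { [name: string]: string | undefined };

interface ResolvedKey {
  apiKey: string; // pass to new Metigan({ apiKey })
  masked: string; // safe to write to logs
}

// Matches the .env.example placeholders such as sk_live_your_api_key_here.
const PLACEHOLDER = /your_.*_here$/;

// Keep the prefix and the last 4 characters so operators can tell keys apart.
function maskKey(key: string): string {
  const prefix = key.slice(0, 8);
  return key.length > 12 ? prefix + "..." + key.slice(-4) : prefix + "...";
}

function resolveApiKey(env: Env): ResolvedKey {
  const production = env["NODE_ENV"] === "production";
  const name = production ? "METIGAN_API_KEY_PRODUCTION" : "METIGAN_API_KEY_DEVELOPMENT";
  const expectedPrefix = production ? "sk_live_" : "sk_test_";
  const value = (env[name] || "").trim();

  if (value === "") {
    throw new Error(name + " environment variable is required");
  }
  if (PLACEHOLDER.test(value)) {
    throw new Error(name + " still holds the .env.example placeholder");
  }
  if (value.slice(0, expectedPrefix.length) !== expectedPrefix) {
    // Report the variable name only: error messages end up in logs.
    throw new Error(name + " must start with " + expectedPrefix);
  }
  return { apiKey: value, masked: maskKey(value) };
}

// Constructed sample environment; the key is made up. In an application,
// call resolveApiKey(process.env) once at startup instead.
const sampleEnv: Env = {
  NODE_ENV: "production",
  METIGAN_API_KEY_PRODUCTION: "sk_live_EXAMPLEKEY0000abcd",
};
const sampleKey = resolveApiKey(sampleEnv); // sampleKey.masked === "sk_live_...abcd"
```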

Secure Practices

Environment Variables

.env.example (Terminal)
# Never commit .env file to version control
# Add .env to .gitignore

METIGAN_API_KEY=sk_live_your_api_key_here
METIGAN_API_KEY_DEVELOPMENT=sk_test_your_dev_key_here
METIGAN_API_KEY_PRODUCTION=sk_live_your_prod_key_here

Security Checklist

  • Never commit API keys to version control
  • Use environment variables for all secrets
  • Rotate API keys regularly
  • Use different keys for different environments
  • Revoke compromised keys immediately
  • Monitor API key usage for anomalies
  • Use the principle of least privilege