{"id":2934,"date":"2026-01-26T08:09:02","date_gmt":"2026-01-26T13:09:02","guid":{"rendered":"https:\/\/www.airsupervision.com\/wp-r\/docs\/administrator\/apis\/security-responsibilities\/"},"modified":"2026-02-25T08:14:18","modified_gmt":"2026-02-25T13:14:18","slug":"security-responsibilities","status":"publish","type":"docs","link":"https:\/\/www.airsupervision.com\/wp-r\/docs\/administrator\/apis\/authentication\/security-responsibilities\/","title":{"rendered":"Security responsibilities"},"content":{"rendered":"\n<ul class=\"wp-r_indent50\">\n<li>API keys and any scripts calling the endpoints must be secured by the integrator.<\/li>\n\n\n\n<li>Protect tokens at rest and in transit; do not hardcode them in public repositories.<\/li>\n\n\n\n<li>Ensure your own data sensitivity policies are enforced when exposing or writing records via the API.<\/li>\n<\/ul>\n\n\n<div class=\"ub-styled-box ub-notification-box\" id=\"ub-styled-box-e6831c0d-0bbc-4aee-9a57-a8065c337e21\">\n\n\n<p>If a malicious actor gets an API Key with write scope, they can call add endpoints to inject records at scale, inflate storage costs, skew reports, and create cleanup work. Treat leaked keys as compromised immediately, rotate them, and review rate limits and write scopes.<\/p>\n\n\n<\/div>","protected":false},"featured_media":0,"parent":2930,"menu_order":2,"template":"","doc_tag":[],"_links":{"self":[{"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/docs\/2934"}],"collection":[{"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/types\/docs"}],"version-history":[{"count":5,"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/docs\/2934\/revisions"}],"predecessor-version":[{"id":3351,"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/docs\/2934\/revisions\/3351"}],"up":[{"embeddable":true,"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/docs\/2930"}],"prev":[{"title":"Type of roles","link":"https:\/\/www.airsupervision.com\/wp-r\/docs\/administrator\/apis\/authentication\/token-roles\/","href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/docs\/2932"}],"wp:attachment":[{"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/media?parent=2934"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/www.airsupervision.com\/wp-r\/wp-json\/wp\/v2\/doc_tag?post=2934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}