Security and privacy

Your data and images are private

Your API endpoint is only accessible to you. Nobody else can view your images, perform searches or interact with your API without your authorization.

Authentication and whitelisting

We offer two security options: IP whitelisting and username/password authentication. 

IP whitelisting is our most secure option. You provide a list of IP addresses (or IP ranges) for your servers, and your API will only listen to requests coming from those addresses; all other requests will be ignored. When whitelisting is enabled you can manage the allowed IP addresses from your dashboard.

If you do not have static IP addresses, you can instead use HTTP Basic authentication with a username and password. Basic authentication is secure and easy to use. Since it is part of the HTTP standard, it is compatible with whatever method you choose for accessing the API.

Best practices

Your application should never call your API directly. Instead, your application should make a request to your own servers, and then your servers should make the request to your API endpoint. If you are using IP whitelisting, this is necessary, since your end user will likely not be on the whitelist; if you are using Basic authentication this prevents the user from being able to use your password for unauthorized access to your API.