Security

Transport

• TLS 1.2 or higher is required. HTTP is not served.
• HSTS is enabled on all *.datamingle.ai hosts.

Authentication

• API keys are bearer credentials — anyone in possession of the string can act as you.
• Keys are only displayed once, at creation. They cannot be retrieved afterwards, only rotated.
• Keys can be scoped to a subset of resources and actions — see Scopes.
• Keys may carry an expiration. Requests after expiry are rejected with 401.

Recommendations for callers

• Store keys in a secret manager. Not in source, not in CI config files, not in environment files checked into git.
• Rotate annually at minimum. Rotate immediately on exposure.
• One key per environment and per service. Don't share a single key across staging, production, and a batch job.
• Allowlist outbound hosts if your integration runs in a locked-down network — the only host you need is <your-tenant>.datamingle.ai.

Audit trail

Every inbound integration request is recorded with timestamp, method, path, raw body, mapped body, response, and the API key's name (not value). See Inspecting logs.

Authentication-layer events (rejected keys, expired keys, missing scopes) are recorded separately and visible under Security → API key activity in the dashboard.

Data handling

• In transit: TLS-terminated at the edge, TLS-only between platform services.
• At rest: Database and backups are encrypted with platform-managed keys.
• PII scope: The Datamingle API stores whatever you send (order customer info, metadata). Do not send credentials, payment card numbers, or health data — these are not the kind of data this platform is designed for.
• Retention: Integration log entries are retained for 90 days (raw + mapped payloads). Resource records follow your tenant's configured retention.

Reporting a vulnerability

If you discover a potential security issue, email the security contact listed in your service agreement. Do not file a public ticket. We follow responsible-disclosure practice and will acknowledge within one business day.