Operations
Security & compliance

Security and compliance

This page describes how to secure your KushRouter integration and handle data responsibly.

API key security

  • Use least-privilege keys scoped to the minimal access needed.
  • Rotate keys regularly; deactivate old keys immediately after rotation.
  • Never embed secrets in web/mobile apps; proxy requests via your backend.
  • Store secrets in a secure vault (e.g., environment variables, secret managers).

Data handling and privacy

  • Avoid sending PII unless necessary; redact sensitive fields in your logs.
  • KushRouter forwards provider content; we recommend you encrypt sensitive payloads at rest on your side.
  • Log only request metadata you need to operate; use short retention by default.

Retention and logging

  • Keep request/response payload logs disabled in production unless required for audit.
  • Retain summarized metrics (usage, error rates) instead of raw content where possible.
  • When you must log payloads (e.g., during onboarding), strip secrets and rotate logs quickly.

Webhook security and signature verification

KushRouter signs webhook deliveries using HMAC-SHA256 over the raw request body with your webhook secret.

Headers:

  • X-KR-Signature: hex-encoded HMAC-SHA256 of the raw body.
  • X-KR-Timestamp: UNIX epoch seconds used for replay detection.

Recommended:

  • Reject requests older than a tolerance window (e.g., 300 seconds).
  • Compare signatures using a constant-time equality function.

Node.js example:

import crypto from 'crypto';
 
export function verifyWebhook(rawBody: Buffer | string, headers: Record<string, string>, secret: string, toleranceSeconds = 300) {
  const sig = headers['x-kr-signature'];
  const ts = headers['x-kr-timestamp'];
  if (!sig || !ts) return false;
  const now = Math.floor(Date.now() / 1000);
  if (Math.abs(now - Number(ts)) > toleranceSeconds) return false;
  const hmac = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  // Constant-time compare
  return hmac.length === sig.length && crypto.timingSafeEqual(Buffer.from(hmac), Buffer.from(sig));
}

Python example:

import hmac, hashlib, time
 
def verify_webhook(raw_body: bytes, headers: dict, secret: str, tolerance_seconds: int = 300) -> bool:
    sig = headers.get('x-kr-signature')
    ts = headers.get('x-kr-timestamp')
    if not sig or not ts:
        return False
    now = int(time.time())
    if abs(now - int(ts)) > tolerance_seconds:
        return False
    digest = hmac.new(secret.encode('utf-8'), raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(digest, sig)

Rate limiting and DDoS posture

  • Respect 429 responses and the Retry-After header; implement capped exponential backoff.
  • Coordinate concurrency across workers to avoid synchronized spikes.
  • Consider IP allowlisting/denylisting at your edge if you expose public endpoints.

Compliance posture

  • Maintain audit trails for key lifecycle events (create, rotate, deactivate).
  • Document your data flows and third-party providers used for LLM inference.
  • If you require regional processing or specific data residency, contact support.
Generations lookupIndex