Security is central to how AmunCore is designed. This page explains how your data is protected, where it lives, and how every API channel is secured. For enterprise or financial-sector evaluations, a detailed technical review is available on request.
Hosting model โ your data stays with you
AmunCore offers two deployment options, and in both cases we never copy, export, or store your database records. AmunCore acts as a controlled access layer in front of your data.
Self-hosted (on-premises)
Install AmunCore on your own servers, behind your own firewall. It connects to your databases using credentials you control. Your data never leaves your environment. Ideal for banks, enterprises, and regulated industries.
Managed cloud
Use our hosted platform with strict per-company isolation. Each company's applications, endpoints, and data are fully separated from every other company's.
How every API channel is secured
Whether a request arrives via REST, GraphQL, the AI/MCP channel, or a webhook delivery, the same protections apply:
| Channel | How it's protected |
|---|---|
| REST API | Per-application API key required on every request; parameterized queries; rate limiting; optional IP whitelisting; full audit logging. |
| GraphQL | Resolved by application ID + API key together; per-endpoint authentication; only explicitly exposed fields are queryable. |
| AI / MCP | Gated by a separate secret token (distinct from API keys); scoped to a single company; same audit logging; can be disabled entirely per company. |
| Webhooks | Payloads signed with HMAC-SHA256 so receivers can verify authenticity and detect tampering; delivery attempts are logged. |
Encryption
- Encryption at rest: database connection strings and other sensitive secrets (including two-factor secrets) are encrypted using AES-256. They are never stored or displayed in plain text.
- Encryption in transit: AmunCore is designed to run behind HTTPS/TLS, so data is encrypted between clients and the server.
- Signed integrity: license keys and webhook payloads are signed with HMAC-SHA256.
Authentication & access control
| Control | Detail |
|---|---|
| Password security | Passwords hashed with BCrypt; never stored in plain text. |
| Two-factor authentication | Optional TOTP 2FA for dashboard logins, with one-time recovery codes and administrator reset. |
| Role-based access | SuperAdmin, Admin, Developer, and Viewer roles with scoped permissions. |
| Tenant isolation | Strict per-company separation; one company can never access another's data. |
Auditing & monitoring
Every API request is logged with its method, path, status code, response time, and source IP. Real-time analytics show usage, error rates, and latency. Webhook delivery attempts and outcomes are recorded for traceability.
SQL injection protection
All database access uses fully parameterized queries. User input is never concatenated into SQL, so injection is prevented at the architecture level โ across table endpoints, stored-procedure endpoints, and every supported database engine.
Honest roadmap
We believe in transparency during security reviews. The following are on our hardening roadmap and not all are implemented yet:
- Single sign-on (OAuth2 / SAML) and social login
- Audit-log export to external SIEM systems
- Independent penetration testing and ISO 27001 alignment
This page is a summary for evaluation purposes and does not constitute a security warranty.