Security
We take security seriously, but we also want to make sure it doesn’t get in your way. Here’s what you need to know about how we keep your AI data safe.
Handling Your Data
- We don’t want your PII: Our telemetry API doesn’t log sensitive prompt data unless you explicitly include it in the `io` field. Keep that field out of your payload if you want to keep things 100% anonymous.
- Sanitize before you send: If you do decide to log prompt/response pairs for debugging, make sure you scrub any sensitive info (like passwords or user emails) before shipping the data to us.
- Encrypted at rest: Everything you send us is encrypted sitting on our servers, so your usage stats are safe and sound.
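
One way to apply the first two rules above before an event leaves your server, as an added example (not code from our SDK): drop the `io` field by default, and scrub it when you do choose to send it. The payload shape, the field names other than `io`, the redaction patterns and the helper names are all assumptions.

```python
import re

# Patterns for values that should never leave your servers; extend for your data.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BEARER_RE = re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]+")
# key=value or key: value pairs such as "password=hunter2" inside free text
SECRET_KV_RE = re.compile(r"(?i)\b(password|passwd|pwd|secret|token|api[_-]?key)(\s*[=:]\s*)(\S+)")
# Dict keys whose whole value is redacted regardless of content
SENSITIVE_KEYS = {"password", "passwd", "secret", "token", "api_key", "authorization"}


def scrub_text(text):
    """Redact bearer tokens, secret-looking key/value pairs and emails in a string."""
    text = BEARER_RE.sub("Bearer [REDACTED]", text)
    text = SECRET_KV_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)
    return EMAIL_RE.sub("[EMAIL]", text)


def scrub(value, key=None):
    """Recursively scrub strings inside dicts and lists, returning new objects."""
    if key is not None and str(key).lower() in SENSITIVE_KEYS:
        return "[REDACTED]"
    if isinstance(value, str):
        return scrub_text(value)
    if isinstance(value, dict):
        return {k: scrub(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return value


def prepare_payload(payload, include_io=False):
    """Return a copy that is safe to send: drop `io` by default, scrub it if kept."""
    out = {k: v for k, v in payload.items() if k != "io"}
    if include_io and "io" in payload:
        out["io"] = scrub(payload["io"])
    return out


# Constructed sample event; every field name except `io` is an assumption.
SAMPLE = {
    "model": "example-model",
    "latency_ms": 412,
    "io": {
        "prompt": "Reset login for jane.doe@example.com, password=hunter2 please",
        "response": "Done. Sent with header Authorization: Bearer abc.def.ghi",
        "meta": {"api_key": "sk-constructed-000", "turns": ["mail bob@example.org"]},
    },
}
```

Pattern-based scrubbing only catches what the patterns describe, so leaving `io` out entirely remains the safer default.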
Keeping Your Keys Safe
- Bearer Tokens Only: We only accept API keys through the `Authorization` header. We’ll never look for them in query strings or elsewhere.
- IP Allowlisting: You can lock down your keys so they only work from your specific server IPs. You can set this up in your dashboard under the AI Module settings.
- Rotate Often: It’s always a good idea to swap out your API keys every now and then, or immediately if you think one might have been leaked.
Production Tips
- Check Your Firewall: Make sure your servers can talk to `api.antarctica.io` on port 443.
- One Key Per Environment: Don’t use your production keys for testing. Issue separate keys for Dev, QA, and Prod so your data stays clean.
[!CAUTION] Keep your secrets secret.
Never log your API keys to the console or print them in debug logs. Treat them like you would a database password.