Security
Transyt is designed with security at every layer, from webhook ingestion to data storage.
Security Features
| Feature | Description |
|---|---|
| Signature Verification | Provider-specific cryptographic verification for every webhook |
| Secret Rotation | Zero-downtime rotation with current + previous secret support |
| Audit Logging | SOC 2 aligned audit trail for all administrative actions |
| Encryption | Secrets encrypted at rest using Fernet (AES-128-CBC + HMAC) |
Transport Security
- All endpoints served over TLS (HTTPS only)
- HTTP requests are redirected to HTTPS
- Modern TLS configuration with strong cipher suites
Authentication
- Admin API requires `X-Admin-Token` header
- Token comparison uses constant-time algorithms (`hmac.compare_digest`) to prevent timing attacks
- IP allowlist support for additional access control
Data Protection
- Signing secrets and delivery secrets are encrypted at rest in the database
- Raw webhook payloads and headers are stored for audit and replay purposes
- Rejected events (failed signature verification) are stored for debugging but marked as `rejected`
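
The Secret Rotation row in the feature table and the rejected-event handling above can be sketched together. This is an added example, not Transyt's own code: it assumes a hex HMAC-SHA256 signature over the raw request body, and `SigningSecrets`, `sign`, `matching_secret` and `ingest` are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class SigningSecrets:
    """Hypothetical holder for one endpoint's secrets during rotation."""
    current: bytes
    previous: Optional[bytes] = None  # kept only while rotation is in progress


def sign(secret: bytes, payload: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def matching_secret(secrets: SigningSecrets, payload: bytes, signature_hex: str) -> Optional[str]:
    """Return "current" or "previous" for the secret that verifies, else None."""
    try:
        presented = bytes.fromhex(signature_hex)
    except ValueError:
        return None  # malformed signature header: reject instead of raising
    matched = None
    # Check every candidate with a constant-time compare and no early exit,
    # so the work done does not depend on which secret matched.
    for label, secret in (("previous", secrets.previous), ("current", secrets.current)):
        if secret is None:
            continue
        expected = hmac.new(secret, payload, hashlib.sha256).digest()
        if hmac.compare_digest(expected, presented):
            matched = label
    return matched


def ingest(secrets: SigningSecrets, payload: bytes, signature_hex: str) -> dict:
    """Build the stored event record; failures are kept but marked rejected."""
    matched = matching_secret(secrets, payload, signature_hex)
    return {
        "status": "accepted" if matched else "rejected",
        "verified_with": matched,  # "previous" hits show senders not yet rotated
        "raw_payload": payload,    # raw bytes retained for audit and replay
    }
```

Recording which secret verified each event lets an operator confirm that no sender still uses the previous secret before it is dropped.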