Security
A technical overview of how ApexMCP protects your data and infrastructure.
Architecture Overview
ApexMCP follows a defence-in-depth microservices architecture. No internal service is exposed directly to the internet — all traffic enters through the gateway.
Gateway
Public-facing reverse proxy. Handles auth, rate limiting, IP allowlisting, request routing, and audit logging before passing requests to internal services.
MCP Manager
Orchestrates MCP tool provisioning and execution. Builds per-org tool registries from active connectors and executes tool calls against the appropriate connector.
Credential Vault
HashiCorp Vault instance dedicated to connector credential storage. Credentials never leave the vault unencrypted; the connector service retrieves and uses them at runtime.
Audit Service
Receives audit events from all services and persists them in a SHA-256 hash chain. Events are immutable once written.
Encryption
- In transit: TLS 1.3 enforced on all public endpoints. Internal service-to-service traffic is encrypted via mutual TLS within the private network.
- At rest (credentials): Connector credentials (connection strings, API keys, OAuth tokens) are encrypted with AES-256-GCM by HashiCorp Vault before being written to disk.
- At rest (database): RDS volumes are encrypted at rest using AWS KMS-managed keys.
- Key management: Vault auto-unseals using AWS KMS. Master keys are never stored on application servers.
Authentication
- Identity provider: Zitadel OIDC handles all user authentication. Passwords are never stored by ApexMCP.
- MFA enforcement: Multi-factor authentication can be enforced org-wide by administrators. Configurable via the Security settings page.
- Session timeout: Configurable per-org session timeout (15–480 minutes), enforced at the gateway and surfaced as a countdown in the dashboard.
- IP allowlisting: Organisations can restrict dashboard access and MCP gateway access to specific CIDR ranges. IPv4 and IPv6 supported.
- SSO / BYOIDP: Growth and Scale plans support bringing your own OIDC identity provider (Okta, Azure AD, Google Workspace, Auth0). SAML available on request for enterprise customers.
- SCIM 2.0 provisioning: Automated user provisioning and de-provisioning from your IdP. IdP group memberships are mapped to ApexMCP roles (admin, finance, contributor) via per-org configuration in the dashboard settings, so new federated users land with the right role automatically.
API Security
- API key hashing: API keys are stored as SHA-256 hashes. The plaintext key is shown only once at creation time.
- Per-key tool scope gating: Each API key can be scoped to specific MCP tools or connectors, limiting blast radius if a key is compromised.
- Rate limiting: Per-second sliding-window rate limits enforced at the gateway (tier-dependent: 5–unlimited rps). Idempotency keys supported to prevent duplicate tool calls.
- Key rotation policy: Automatic API key rotation on a configurable schedule (30 / 60 / 90 / 180 days). Rotation events are audited.
- Read-only enforcement: Connectors can be configured as read-only to prevent write operations from AI agents regardless of what the agent attempts.
Audit Logging
- Every tool call, credential access, user login, and administrative action generates an audit event with actor, IP, timestamp, and action detail.
- Immutable hash chain: Each audit record stores a SHA-256 hash of the previous record, making tamper attempts detectable.
- Audit logs are exportable as JSON from the dashboard. A PII redaction option removes personally identifiable fields before export.
- The export action itself is audited (who exported, when, IP, row count).
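How a hash chain of the kind described above makes edits detectable, as an added example that is not ApexMCP's code. The record layout, the `prev_hash` field name, the canonical-JSON encoding and the all-zero genesis value are assumptions, and the events are constructed samples.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed prev_hash value for the first record


def record_hash(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the whole record (assumed format)."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def append(chain: list, event: dict) -> None:
    """Append an event, storing the hash of the previous record in prev_hash."""
    prev = record_hash(chain[-1]) if chain else GENESIS
    chain.append({**event, "prev_hash": prev})


def verify(chain: list, expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first record whose link is broken, or None if intact.

    expected_head is the hash of the newest record as recorded outside the log;
    when it is given and does not match, len(chain) is returned.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec.get("prev_hash") != prev:
            return i
        prev = record_hash(rec)
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


def build_sample() -> list:
    """Constructed sample events using the fields the page lists."""
    chain: list = []
    events = [("alice", "user.login"), ("key_1", "tool.call"), ("bob", "audit.export")]
    for actor, action in events:
        append(chain, {"actor": actor, "ip": "192.0.2.10",
                       "timestamp": "2025-01-01T00:00:00Z", "action": action})
    return chain


if __name__ == "__main__":
    log = build_sample()
    log[1]["action"] = "tool.call.edited"  # simulate an in-place edit
    print("first broken link at index:", verify(log))
```

Editing a record breaks the link stored in the record after it. An edit to the newest record, or removal of trailing records, only shows up when the head hash is compared with a copy kept outside the log.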
Responsible Disclosure
We welcome security researchers. If you discover a vulnerability in the ApexMCP platform, please report it to security@apexmcp.ai. Please include a description of the vulnerability, steps to reproduce, and potential impact. We aim to acknowledge reports within 2 business days and resolve critical issues within 14 days. We will not take legal action against researchers who follow responsible disclosure practices.