Security

A technical overview of how ApexMCP protects your data and infrastructure.

Architecture Overview

ApexMCP follows a defence-in-depth microservices architecture. No internal service is exposed directly to the internet — all traffic enters through the gateway.

Gateway

Public-facing reverse proxy. Handles auth, rate limiting, IP allowlisting, request routing, and audit logging before passing requests to internal services.

MCP Manager

Orchestrates MCP tool provisioning and execution. Builds per-org tool registries from active connectors and executes tool calls against the appropriate connector.

Credential Vault

HashiCorp Vault instance dedicated to connector credential storage. Credentials never leave the vault unencrypted; the connector service retrieves and uses them at runtime.

Audit Service

Receives audit events from all services and persists them with an immutable SHA-256 hash chain. Events are immutable once written.

Encryption

  • In transit: TLS 1.3 enforced on all public endpoints. Internal service-to-service traffic is encrypted via mutual TLS within the private network.
  • At rest (credentials): Connector credentials (connection strings, API keys, OAuth tokens) are encrypted with AES-256-GCM by HashiCorp Vault before being written to disk.
  • At rest (database): RDS volumes are encrypted at rest using AWS KMS-managed keys.
  • Key management: Vault auto-unseals using AWS KMS. Master keys are never stored on application servers.

Authentication

  • Identity provider: Zitadel OIDC handles all user authentication. Passwords are never stored by ApexMCP.
  • MFA enforcement: Multi-factor authentication can be enforced org-wide by administrators. Configurable via the Security settings page.
  • Session timeout: Configurable per-org session timeout (15–480 minutes), enforced at the gateway and surfaced as a countdown in the dashboard.
  • IP allowlisting: Organisations can restrict dashboard access and MCP gateway access to specific CIDR ranges. IPv4 and IPv6 supported.
  • SSO / BYOIDP: Growth and Scale plans support bringing your own OIDC identity provider (Okta, Azure AD, Google Workspace, Auth0). SAML available on request for enterprise customers.
  • SCIM 2.0 provisioning: automated user provisioning and de-provisioning from your IdP. IdP group memberships are mapped to ApexMCP roles (admin, finance, contributor) via per-org configuration in the dashboard settings — new federated users land with the right role automatically.

API Security

  • API key hashing: API keys are stored as SHA-256 hashes. The plaintext key is shown only once at creation time.
  • Per-key tool scope gating: Each API key can be scoped to specific MCP tools or connectors, limiting blast radius if a key is compromised.
  • Rate limiting: Per-second sliding-window rate limits enforced at the gateway (tier-dependent: 5–unlimited rps). Idempotency keys supported to prevent duplicate tool calls.
  • Key rotation policy: Automatic API key rotation on a configurable schedule (30 / 60 / 90 / 180 days). Rotation events are audited.
  • Read-only enforcement: Connectors can be configured as read-only to prevent write operations from AI agents regardless of what the agent attempts.

Audit Logging

  • Every tool call, credential access, user login, and administrative action generates an audit event with actor, IP, timestamp, and action detail.
  • Immutable hash chain: Each audit record stores a SHA-256 hash of the previous record, making tamper attempts detectable.
  • Audit logs are exportable as JSON from the dashboard. A PII redaction option removes personally identifiable fields before export.
  • The export action itself is audited (who exported, when, IP, row count).

Responsible Disclosure

We welcome security researchers. If you discover a vulnerability in the ApexMCP platform, please report it to security@apexmcp.ai. Please include a description of the vulnerability, steps to reproduce, and potential impact. We aim to acknowledge reports within 2 business days and resolve critical issues within 14 days. We will not take legal action against researchers who follow responsible disclosure practices.