Data Security

ai.TokenHub provides comprehensive data security to protect user privacy and business data.

Core Security Mechanisms

Zero Data Retention (ZDR)

The platform commits to not storing any detailed request/response content on its servers.

  • Pure Forwarding: Direct forwarding to upstream API providers
  • No Log Retention: No logging of request content
  • Immediate Destruction: Instantly clear temporary data after processing
User Request ──→ ai.TokenHub ──→ Upstream API

              ├── No request content stored
              ├── No response content stored
              └── Only metadata logged

Data Isolation

  • Tenant Isolation: Complete data isolation between tenants
  • Transport Encryption: Full TLS 1.3 encryption
  • API Key Encryption: AES-256 encrypted storage

Security Features

Authentication & Authorization

{
  "auth": {
    "api_key": {
      "encryption": "AES-256",
      "rotation_support": true
    },
    "oauth": {
      "supported": true,
      "providers": ["google", "github", "microsoft"]
    }
  }
}

IP Whitelist

{
  "security": {
    "ip_whitelist": {
      "enabled": true,
      "allowed_ips": [
        "203.0.113.0/24",
        "198.51.100.0/24"
      ]
    }
  }
}
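
A pre-deployment check for the IP whitelist configuration above, as an added example (not ai.TokenHub code): it evaluates addresses against the `allowed_ips` CIDR ranges shown on the page so you can confirm your egress IPs are covered before enabling the restriction. The function names, the fail-closed and IPv4-mapped handling, and the sample addresses are assumptions of this example, not documented platform behaviour.

```python
import ipaddress
import json

# Configuration copied from the IP Whitelist section of this page.
CONFIG = json.loads("""
{"security": {"ip_whitelist": {"enabled": true,
  "allowed_ips": ["203.0.113.0/24", "198.51.100.0/24"]}}}
""")

def load_networks(config):
    """Parse allowed_ips into network objects, rejecting malformed entries."""
    wl = config["security"]["ip_whitelist"]
    nets = []
    for entry in wl["allowed_ips"]:
        # strict=True rejects entries with host bits set (e.g. 203.0.113.7/24),
        # which usually indicate a typo in the intended range.
        nets.append(ipaddress.ip_network(entry, strict=True))
    return wl["enabled"], nets

def normalize(addr):
    """Parse a client address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_allowed(addr, config=CONFIG):
    """Return True if addr falls inside the allowlist (hypothetical helper)."""
    enabled, nets = load_networks(config)
    if not enabled:
        return True  # assumption: a disabled allowlist imposes no restriction
    try:
        ip = normalize(addr)
    except ValueError:
        return False  # unparseable source address: fail closed
    return any(ip.version == n.version and ip in n for n in nets)

def uncovered(egress_ips, config=CONFIG):
    """Egress addresses that would be locked out once the allowlist is on."""
    return [a for a in egress_ips if not is_allowed(a, config)]

if __name__ == "__main__":
    # Constructed sample egress addresses (documentation ranges).
    print(uncovered(["203.0.113.10", "::ffff:198.51.100.7", "192.0.2.44"]))
```
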

Two-Factor Authentication (2FA)

Supports TOTP authenticator apps for additional account protection.

  • Google Authenticator
  • Authy
  • Recovery code backup

Compliance

Item               Description
GDPR Compliant     EU General Data Protection Regulation
Data Localization  Regional data storage support
Audit Logs         Complete operation audit records
Privacy Policy     Transparent privacy policy

Security Best Practices

For Users

  1. Protect API Keys: Never hardcode in client code
  2. Enable 2FA: Add two-factor authentication
  3. IP Whitelist: Enable IP restrictions for production
  4. Regular Rotation: Periodically rotate API Keys
  5. Monitor Logs: Regularly check API usage records

For Enterprises

  1. Sub-account Isolation: Create separate sub-accounts per department
  2. Least Privilege: Grant permissions as needed
  3. Quota Control: Set reasonable quota limits
  4. Audit Compliance: Enable complete audit logs

Responding to Security Incidents

If you discover security issues or API Key leaks:

  1. Immediate Disable: Delete suspicious API Keys in the dashboard
  2. Generate New Key: Create a new API Key
  3. Check Logs: Review for unusual usage
  4. Contact Support: If needed, contact technical support