Engineering Update: Secure Token Generation & Key Management Details
This update provides more insight into our multi-layered security approach for API key management and token generation.
#Core Security Layers:
- Split-Key Architecture: API keys are cryptographically split. The server part is stored securely within Proxed.AI infrastructure, while the client part (with metadata including version and a unique split ID) resides on the device. Both are required for key reconstruction, which only happens momentarily during request processing.
- Apple DeviceCheck Integration: Every API request requires a valid DeviceCheck token, cryptographically signed by Apple, ensuring requests originate from genuine iOS devices running your application.
- Client-Side Key Splitting: The process of splitting keys, generating cryptographic salt, and embedding metadata is designed to happen client-side, further minimizing exposure.
This system ensures that no single location holds a complete API key and that only verified devices can initiate requests, forming the foundation of our zero-trust key management strategy.