🚀
JetPero
  • Welcome to JetPero API Platform
  • Getting Started
    • Quickstart
  • Signup & Setup
  • Your First API Key
  • Basics
    • Integrations
    • API Requests & Responses
    • SDKs & Tools
  • Features
    • API Key Management
    • Monitoring & Analytics
    • Alerts & Notifications
    • Security
  • Plans & Limits
    • Pricing
    • Rate Limits
  • Help
    • Troubleshooting & FAQ
    • Contact Support
Powered by GitBook
On this page
  • 🛡️ Key Principles
  • 🔑 Provider Key Handling
  • 🧩 Organization-Level Scoping
  • 🔐 Token Generation
  • ✅ Security Features
  • 🔐 Best Practices
  • 👁️ Security Roadmap
  • 💬 Have a security question or concern?
  1. Features

Security

At JetPero, security isn’t an afterthought — it’s the foundation. From encrypted keys to project-level isolation, we make sure your sensitive data stays protected across every request and integration.

🛡️ Key Principles

🔒 Secure by Default

JetPero is designed to ensure that your actual provider API keys never leave your backend or touch the frontend.

🧠 No Client-side Exposure

All requests to third-party providers go through JetPero’s secure proxy. Your provider keys are auto-injected server-side, so your users or browsers never see them.

🗂️ Project-level Isolation

Every project you create (e.g., abc.co, tt.net) has:

  • Its own isolated API key vault

  • A project-specific auth token

  • Strict access controls

🔑 Provider Key Handling

When you set up a provider:

  • The actual provider API key is encrypted and stored securely

  • JetPero generates a JWT-based token tied to the project

  • Your proxy requests only require this JetPero project token

✅ Example: You make a request to OpenAI like this:

curl https://api.jetpero.com/proxy/openai/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <Your-Project-Token>" \
  -d '{ "model": "gpt-4", "messages": [...] }'

🚫 You never have to expose your real OpenAI key in this request. 🔁JetPero handles it behind the scenes, injecting your stored key securely.

🧩 Organization-Level Scoping

Your organization contains multiple projects. Each project:

  • Has its own encrypted token

  • Cannot access another project’s providers or data

  • Can rotate or revoke keys independently

Even if someone gets access to one project token, they can’t see or touch other environments.

🔐 Token Generation

  • Based on JWT + crypto signing

  • Issued per project (not per user)

  • Expirable and revokable

  • Scopes built-in for future RBAC

✅ Security Features

Feature
Status

Provider Key Encryption

✅ Live

Token-based Auth

✅ Live

Project Isolation

✅ Live

Auto Key Injection

✅ Live

Role-based Access Control

🛠️ Coming Soon

Activity Logs & Audit Trail

🛠️ Coming Soon

Key Rotation & History

🛠️ Coming Soon

🔐 Best Practices

  • Use different tokens for dev/staging/production

  • Never share your JetPero token publicly

  • Use readable provider names (e.g., openai, replicate, etc.)

  • Revoke and reconfigure providers when rotating keys

👁️ Security Roadmap

We're working on:

  • Granular permissions & roles

  • Real-time token usage logs

  • Automated key rotation

  • SOC2/GDPR compliance

💬 Have a security question or concern?

PreviousAlerts & NotificationsNextPricing

Last updated 7 days ago

Reach us directly at or 0706172020 via WhatsApp

[email protected]