Security architecture
ModelRiver is designed with security at every layer. From credential encryption at rest to signed webhook payloads, every interaction is authenticated, audited, and protected.
Core principles
- Zero plaintext secrets: API keys are hashed with SHA-256 on creation. Provider credentials are encrypted at rest and masked in the UI.
- Signed payloads: All webhook deliveries include HMAC-SHA256 signatures for authenticity verification.
- Granular access: Create separate API keys per environment or integration for fine-grained control.
- Comprehensive audit trails: Every request captures timestamps, providers, models, token counts, and cached metadata.
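An added example of how a receiver can check the HMAC-SHA256 signature on a webhook delivery before trusting it; this is not ModelRiver's own code. The page does not specify how the signature is encoded or transported, so the sketch assumes a hex digest computed over the raw request body and takes the signature value as a parameter. The function names, secret, and payload are hypothetical.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values, not real ModelRiver data.
SECRET = b"constructed-webhook-secret"
BODY = b'{"event":"request.completed","id":"evt_123"}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """Sender side: HMAC-SHA256 over the exact bytes sent (hex is an assumption)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify(secret: bytes, raw_body: bytes, signature: str) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    try:
        received = bytes.fromhex(signature.strip())
    except ValueError:
        return False  # malformed or non-hex signature value
    if len(received) != hashlib.sha256().digest_size:
        return False  # truncated or padded value
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)


def handle_delivery(secret: bytes, raw_body: bytes, signature: str) -> Optional[dict]:
    """Parse the payload only after the signature over the raw bytes checks out."""
    if not verify(secret, raw_body, signature):
        return None
    return json.loads(raw_body)


if __name__ == "__main__":
    sig = sign(SECRET, BODY)
    print("valid delivery:", handle_delivery(SECRET, BODY, sig))
    # Re-serializing the JSON changes the bytes, so the MAC no longer matches.
    reserialized = json.dumps(json.loads(BODY)).encode()
    print("re-serialized body accepted:", verify(SECRET, reserialized, sig))
    print("tampered body accepted:", verify(SECRET, BODY.replace(b"evt_123", b"evt_999"), sig))
```

Verify against the bytes as received, before any JSON parsing or framework body transformation, and reject the delivery when verification fails.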
Security topics
- API keys: Generate, manage, and revoke authentication credentials
- Provider credentials: Securely store and rotate AI provider tokens
- Data retention: Understand how request data is stored and managed
- Compliance: Audit trails, exports, and regulatory considerations
Authentication & access
- Dashboard access uses secure session cookies. Invite only trusted teammates.
- All API requests require a valid Bearer token. Failed attempts return 401 or 403 with guidance.
- Rate limiting protects the platform from abuse. Contact support if you need higher throughput.
Responsible usage
- Respect provider terms of service. ModelRiver acts as an orchestrator and does not override vendor policies.
- Implement user-level rate limits in your application to complement ModelRiver's platform-wide safeguards.
- Handle personally identifiable information (PII) in accordance with your regulatory obligations.