Advanced

Security Best Practices

Secure your Agent Rush deployment with industry-standard security practices.

Overview

Security is a core priority at Agent Rush. This guide covers best practices for securing your integration, protecting customer data, and maintaining compliance with data protection regulations.

Security Features

Encryption at Rest

AES-256 encryption for all stored data

Encryption in Transit

TLS 1.3 for all API communications

Data Masking

PII redaction in logs and analytics

SOC 2 Compliant

Enterprise-grade infrastructure

API Key Security

  • Store API keys in environment variables, never in code
  • Use separate keys for development and production
  • Rotate keys regularly (recommended: every 90 days)
  • Use minimum required permissions for each key
  • Revoke unused or compromised keys immediately
  • Never expose keys in client-side code or repositories

Webhook Security

Always verify webhook signatures to ensure requests are from Agent Rush:

Signature Verification
import crypto from 'crypto';

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  const trusted = Buffer.from(`sha256=${expectedSignature}`, 'utf8');
  const untrusted = Buffer.from(signature, 'utf8');

  return crypto.timingSafeEqual(trusted, untrusted);
}

// In your webhook handler
app.post('/webhook', (req, res) => {
  const signature = req.headers['x-agentrush-signature'];
  const isValid = verifyWebhookSignature(
    JSON.stringify(req.body),
    signature,
    process.env.WEBHOOK_SECRET
  );

  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }

  // Process webhook...
});

Data Protection

PII Handling

Configure automatic PII detection and masking:

{
  "data_protection": {
    "pii_detection": true,
    "mask_in_logs": true,
    "mask_in_analytics": true,
    "sensitive_fields": [
      "credit_card",
      "ssn",
      "aadhaar",
      "pan_number",
      "password"
    ]
  }
}

Data Retention

Configure how long data is retained:

{
  "retention": {
    "conversations": "90d",
    "analytics": "365d",
    "audit_logs": "730d",
    "auto_delete_pii": true
  }
}

Access Control

Implement role-based access control for your team:

  • AdminFull access to all settings
  • ManagerAgent config, analytics, no billing
  • AgentHandle conversations only
  • ViewerRead-only analytics access

Audit Logging

All sensitive actions are logged for audit purposes:

{
  "event": "api_key.created",
  "timestamp": "2026-01-12T10:30:00Z",
  "actor": {
    "user_id": "user_123",
    "email": "admin@company.com",
    "ip_address": "203.0.113.42"
  },
  "resource": {
    "type": "api_key",
    "id": "key_xyz789",
    "name": "Production Key"
  },
  "changes": {
    "permissions": ["agents:read", "agents:write"]
  }
}

Compliance

GDPR

Data export, deletion, and consent management

IT Act 2000

Indian data protection compliance

SOC 2 Type II

Security, availability, confidentiality

ISO 27001

Information security management

Security Checklist

  • API keys stored in environment variables
  • Webhook signature verification implemented
  • PII detection and masking enabled
  • Role-based access control configured
  • Data retention policies set
  • Audit logging enabled
  • Regular security review scheduled

Related

API Authentication
Webhooks