Security
Goal: Manage tokens and secrets, and understand how your data is protected.
OpenX runs in your tenant. Your data, your identity provider, your boundary - we handle authorization, you keep ownership. That is "fire us, keep running" made concrete.
How it is protected
| Layer | Protection |
|---|---|
| Network | HTTPS everywhere, modern TLS |
| Sign-in | Your identity provider, SSO, MFA |
| Access | Role-based, workshop or surface scope |
| Data | Encrypted in transit and at rest |
| History | Every action recorded and attributable |
Connection credentials are stored encrypted and never shown in the UI or logs.
Tokens
Generate a token from APIs -> API Keys: pick an expiration, optionally choose scopes for least privilege, select Generate, and copy it once. Rotate tokens regularly, load them from environment variables, and never hardcode them. A token carries an identity, a workspace, scopes, and an expiry. Revoke any token immediately from APIs -> Keys -> Revoke. Full detail is in Secrets and Auth & Tokens.
Rotating connection credentials
Update the credentials on a connection, test, then save. Using the secondary credential means no downtime. Every creation, use, and revocation is recorded.
Your tenant, your control
Network, identity, data, and history all stay within your boundary and are exportable at any time. Audit logging and role-based access support SOC 2 controls; GDPR data export and deletion are supported.
Go deeper
- Keys, expiry presets, rotation, and revoke -> Secrets
Next steps
- Roles and access -> Team & Access Rights
- How history compounds -> Ship with Confidence