Security is our top priority. If you think you've found a vulnerability in any Runscope service, please contact us.
Runscope uses best practices for Internet security. This helps ensure that your data is safe, secure, and available only to authorized users. Your data will be completely inaccessible to anyone else, unless you explicitly choose to share that data with the public.
Runscope enforces secure HTTPS for our entire website, including the public (unauthenticated) parts of the site. All communications with Runscope’s API are also protected with SSL. We also use HTTP Strict Transport Security to ensure your web browser never interacts with Runscope over insecure HTTP.
Runscope Passageway allows you to connect your local development environment to Runscope. The Passageway protocol is encrypted with SSL, and the Passageway client verifies that it is communicating with an authorized Runscope server. Because Passageway connects your local environment to the Internet, we strongly recommend you configure it to use an Authenticated Bucket (described below) and disconnect the client when you're not actively using it.
Runscope provides each user in your organization with a unique user name and password. These credentials must be entered to access your organization’s data.
Runscope can be used to inspect traffic to APIs that communicate via plain-text HTTP or encrypted HTTPS. When you use Runscope with a plain-text HTTP API, all network traffic between your server and Runscope will be sent in plain text, as will all network traffic between Runscope and your API provider.
For this reason, we recommend that you use HTTPS whenever possible. If an API gives you the choice, you should always use HTTPS.
Runscope Buckets are writable given that you know the randomly generated bucket key; however, data can only be viewed by the bucket owner. You may optionally enable secondary authentication for a bucket. Authenticated buckets require an additional secret token to be supplied in either an HTTP header or query string parameter to write to a bucket. If you would like to enable authentication tokens for your buckets, you may do so by enabling them in the Bucket Settings page on your dashboard. Read more about Authenticated Buckets.
If you've found a security vulnerability in a Runscope web site or service, please send an email to firstname.lastname@example.org. Your email will be reviewed promptly and we guarantee a personal response within 24 hours. We request that you not publicly disclose the issue until it has been addressed by Runscope.
If you are a Runscope customer and have further questions about your data's security, please contact email@example.com.
If you choose to contact Runscope security, you can encrypt with PGP or the free alternative GnuPG. Our PGP key is listed below. This key is also registered with the MIT Public Key Server. You may use this key to encrypt your communications with Runscope.
Once you've imported our key, you can verify the signature of emails we send you by running
User name: Runscope Security
Key ID: 2FDE143A Key fingerprint: 8482 5998 D2B1 9C4A 2CDF EE99 2490 8549 2FDE 143A Expiration date: June 1, 2017 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) mQENBFVt3pQBCADWCaEUeBjEGvBWZGLszhDkMGGr+HYhywFzJoF5+8NLKRCtZ49C T/TJbnX5ZzIBTKzEfMuQrm1HwVkcap5UzpLO1rJ/mj6AFAXwWiXICto+SigU1bw8 BWVK2CKifoc3IXa5qFb81Fkg+W0J2S10OldDrcV40Gam7IAYQQEliRvYBLIabvdF Glrc+bjmWNHrzNnohI3JNb1nVW9AbHJTKZJBN8daUqni+fi/TP1MAvH3cJAeAqe5 JQMOc6uJLZDrbibi+ulpuPN/DOfNbBixrXpYET32qlj0iRezilrlzjWJzufht5EQ oNgXeYONPwwEB4c8DJTvJGfCWlprxX0xsXsPABEBAAG0KVJ1bnNjb3BlIFNlY3Vy aXR5IDxzZWN1cml0eUBydW5zY29wZS5jb20+iQE9BBMBCgAnBQJVbd6UAhsDBQkD wmcABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJECSQhUkv3hQ6yEsIAK8p97jV J90M3AtHoRHl9Ybt/Qg7q7r+EQLldFKa7ekhI2tVJWtyyV677qcgNnicNBxjg2ff dzUGedPbMG4H7qvJfFqBKpOhJ8nNLz9HqkDnQKHRX1tG7e4eRoGFSzBSrlfznGlv KePUFnQWlCRwjVVzxvpDgK77gP0s2jBKrwZSaUhymjIqz8zbuvHh0YVPYXpkMzNh 9Az491Ckp0XNw1emEX5AXzhcm4e1eASAJwWmVCZnaMePp7xOATM8CCpK5PKMuvNm oDXSWMolxXnNCG0H4OmK/vP5iJQSByBW6DupBhipYSwa1OFK+zkoNeBogKl54mZX bT0kd1CVf6k+Z925AQ0EVW3elAEIAO9V9cRJcEstl4VjezhEXO5hpnYblnAE8v9O oGSkm+oYFoZ8ON5TwNfiy6ENlXu/1EgZDAzpys2LtDTQGilm46pkq8cRLiWY0Sx2 jDE0r4esG64NGkjb8Wy3s1x9W8sLVQAkXPMBD3QicVuKkcpt01RhTHJsICPXKErm 2gRWED5e+QLDek974VQdFZHQG+/iZog5ivjisbqFKQLRCA+nr2YDutScELKUsrGD /TiZnYN/YD0xBZn7PHmGiK3yqTWZczZlhhR23C8eNN7RcGgdtPlcQmGSR19zXm2S yqBpbqfvxPEVmIVd+cZcQg8D5vypFbTv0P7I6LhOMMfzsvgV1HMAEQEAAYkBJQQY AQoADwUCVW3elAIbDAUJA8JnAAAKCRAkkIVJL94UOlzBB/9aOaD9IrRru40HWz2s ilped8vQnuD/NBk3Vx5xDz0YTgURFbZ487akHLrTut5uBgsC7Gxwq5+T2HtBkLbd SQp4YXZX76iWJP2ucHrezPOdLm4KU93smxU0OySrNue8s32wq7A+Ym6P4Ga2NsTi VFWsVsmcSiP+SuZEe34DHLvl0JsAatd44z/hxZYajWCnFBoFnOhIztMu53QMq3CA 3S7yroFu94yb9G4ZxvJNqTKtq7lwSOR5p0G+RJ2rrcIg7WU7ksgcRQVT5T7qmihm yY44ExF4QMDD+EVwRoYLyUz+wCDbLn1dkn1KI8L7JHovDdlQkDDwtzUR8aaAGK+C Wzcb =Iaux -----END PGP PUBLIC KEY BLOCK-----