Runscope Documentation

Security

Security is our top priority. If you think you've found a vulnerability in any Runscope service, please contact us.

How We Keep You Safe

Runscope uses best practices for Internet security. This helps ensure that your data is safe, secure, and available only to authorized users. Your data will be completely inaccessible to anyone else, unless you explicitly choose to share that data with the public.

Runscope enforces secure HTTPS for our entire website, including the public (unauthenticated) parts of the site. All communications with Runscope’s API are also protected with SSL. We also use HTTP Strict Transport Security to ensure your web browser never interacts with Runscope over insecure HTTP.

Runscope Passageway allows you to connect your local development environment to Runscope. The Passageway protocol is encrypted with SSL, and the Passageway client verifies that it is communicating with an authorized Runscope server. Because Passageway connects your local environment to the Internet, we strongly recommend you configure it to use an Authenticated Bucket (described below) and disconnect the client when you're not actively using it.

Runscope provides each user in your organization with a unique user name and password. These credentials must be entered to access your organization’s data.

How To Keep Yourself Safe

Runscope can be used to inspect traffic to APIs that communicate via plain-text HTTP or encrypted HTTPS. When you use Runscope with a plain-text HTTP API, all network traffic between your server and Runscope will be sent in plain text, as will all network traffic between Runscope and your API provider.

For this reason, we recommend that you use HTTPS whenever possible. If an API gives you the choice, you should always use HTTPS.

Runscope Buckets are writable given that you know the randomly generated bucket key; however, data can only be viewed by the bucket owner. You may optionally enable secondary authentication for a bucket. Authenticated buckets require an additional secret token to be supplied in either an HTTP header or query string parameter to write to a bucket. If you would like to enable authentication tokens for your buckets, you may do so by enabling them in the Bucket Settings page on your dashboard. Read more about Authenticated Buckets.

Contacting Runscope

If you've found a security vulnerability in a Runscope web site or service, please send an email to security@runscope.com. Your email will be reviewed promptly and we guarantee a personal response within 24 hours. We request that you not publicly disclose the issue until it has been addressed by Runscope.

If you are a Runscope customer and have further questions about your data's security, please contact help@runscope.com.

If you choose to contact Runscope security, you can encrypt with PGP or the free alternative GnuPG. Our PGP key is listed below. This key is also registered with the MIT Public Key Server. You may use this key to encrypt your communications with Runscope.

Once you've imported our key, you can verify the signature of emails we send you by running gpg --verify.

User name: Runscope Security 
Key ID: 2FDE143A
Key fingerprint: 8482 5998 D2B1 9C4A 2CDF  EE99 2490 8549 2FDE 143A
Expiration date: June 1, 2017

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)

mQENBFVt3pQBCADWCaEUeBjEGvBWZGLszhDkMGGr+HYhywFzJoF5+8NLKRCtZ49C
T/TJbnX5ZzIBTKzEfMuQrm1HwVkcap5UzpLO1rJ/mj6AFAXwWiXICto+SigU1bw8
BWVK2CKifoc3IXa5qFb81Fkg+W0J2S10OldDrcV40Gam7IAYQQEliRvYBLIabvdF
Glrc+bjmWNHrzNnohI3JNb1nVW9AbHJTKZJBN8daUqni+fi/TP1MAvH3cJAeAqe5
JQMOc6uJLZDrbibi+ulpuPN/DOfNbBixrXpYET32qlj0iRezilrlzjWJzufht5EQ
oNgXeYONPwwEB4c8DJTvJGfCWlprxX0xsXsPABEBAAG0KVJ1bnNjb3BlIFNlY3Vy
aXR5IDxzZWN1cml0eUBydW5zY29wZS5jb20+iQE9BBMBCgAnBQJVbd6UAhsDBQkD
wmcABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJECSQhUkv3hQ6yEsIAK8p97jV
J90M3AtHoRHl9Ybt/Qg7q7r+EQLldFKa7ekhI2tVJWtyyV677qcgNnicNBxjg2ff
dzUGedPbMG4H7qvJfFqBKpOhJ8nNLz9HqkDnQKHRX1tG7e4eRoGFSzBSrlfznGlv
KePUFnQWlCRwjVVzxvpDgK77gP0s2jBKrwZSaUhymjIqz8zbuvHh0YVPYXpkMzNh
9Az491Ckp0XNw1emEX5AXzhcm4e1eASAJwWmVCZnaMePp7xOATM8CCpK5PKMuvNm
oDXSWMolxXnNCG0H4OmK/vP5iJQSByBW6DupBhipYSwa1OFK+zkoNeBogKl54mZX
bT0kd1CVf6k+Z925AQ0EVW3elAEIAO9V9cRJcEstl4VjezhEXO5hpnYblnAE8v9O
oGSkm+oYFoZ8ON5TwNfiy6ENlXu/1EgZDAzpys2LtDTQGilm46pkq8cRLiWY0Sx2
jDE0r4esG64NGkjb8Wy3s1x9W8sLVQAkXPMBD3QicVuKkcpt01RhTHJsICPXKErm
2gRWED5e+QLDek974VQdFZHQG+/iZog5ivjisbqFKQLRCA+nr2YDutScELKUsrGD
/TiZnYN/YD0xBZn7PHmGiK3yqTWZczZlhhR23C8eNN7RcGgdtPlcQmGSR19zXm2S
yqBpbqfvxPEVmIVd+cZcQg8D5vypFbTv0P7I6LhOMMfzsvgV1HMAEQEAAYkBJQQY
AQoADwUCVW3elAIbDAUJA8JnAAAKCRAkkIVJL94UOlzBB/9aOaD9IrRru40HWz2s
ilped8vQnuD/NBk3Vx5xDz0YTgURFbZ487akHLrTut5uBgsC7Gxwq5+T2HtBkLbd
SQp4YXZX76iWJP2ucHrezPOdLm4KU93smxU0OySrNue8s32wq7A+Ym6P4Ga2NsTi
VFWsVsmcSiP+SuZEe34DHLvl0JsAatd44z/hxZYajWCnFBoFnOhIztMu53QMq3CA
3S7yroFu94yb9G4ZxvJNqTKtq7lwSOR5p0G+RJ2rrcIg7WU7ksgcRQVT5T7qmihm
yY44ExF4QMDD+EVwRoYLyUz+wCDbLn1dkn1KI8L7JHovDdlQkDDwtzUR8aaAGK+C
Wzcb
=Iaux
-----END PGP PUBLIC KEY BLOCK-----

Everything is going to be 200 OK

Sign Up — Free