Security

Specific, verifiable security controls. Not marketing claims.

Authentication

LnkApp supports multiple authentication methods:

  • Email and password authentication
  • OAuth via Google, GitHub, and Microsoft
  • Two-factor authentication using TOTP
  • Password reset with email verification

Cryptography

We use industry-standard cryptographic primitives:

  • Password hashing: PBKDF2 with high iteration counts
  • Secret encryption: AES-256-GCM for API keys, tokens, and credentials
  • Webhook signatures: HMAC-SHA256 for payload verification
  • ID generation: Cryptographically secure random identifiers
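The webhook item above is the one a consumer of LnkApp has to implement on their own side. The following is an added example, not LnkApp's code or a description of its wire format: the page says only that payloads are signed with HMAC-SHA256, so the header name `X-LnkApp-Signature`, the `t=<unix seconds>,v1=<hex digest>` layout, the five-minute replay window and the sample payload are all assumptions made for illustration.

```python
"""Verify an HMAC-SHA256 webhook signature with a replay window.

Added example for this page; not LnkApp's own code. The header name, the
"t=<unix seconds>,v1=<hex digest>" layout and the tolerance below are
assumptions chosen for illustration.
"""
import hashlib
import hmac
from typing import Optional, Tuple

SIGNATURE_HEADER = "X-LnkApp-Signature"  # assumed header name
TOLERANCE_SECONDS = 300                  # assumed replay window


def _digest(secret: bytes, body: bytes, timestamp: int) -> str:
    # The timestamp is mixed into the MAC input, so a captured delivery
    # cannot be replayed later under a fresh timestamp.
    mac_input = f"{timestamp}.".encode() + body
    return hmac.new(secret, mac_input, hashlib.sha256).hexdigest()


def sign_payload(secret: bytes, body: bytes, timestamp: int) -> str:
    """Build the header value a sender attaches to a delivery."""
    return f"t={timestamp},v1={_digest(secret, body, timestamp)}"


def parse_signature_header(value: str) -> Optional[Tuple[int, str]]:
    """Return (timestamp, hex digest), or None if the header is malformed."""
    fields = {}
    for item in value.split(","):
        if "=" not in item:
            return None
        key, _, val = item.partition("=")
        fields[key.strip()] = val.strip()
    if "t" not in fields or "v1" not in fields or not fields["t"].isdigit():
        return None
    return int(fields["t"]), fields["v1"]


def verify_webhook(secret: bytes, raw_body: bytes, header_value: str, now: int) -> bool:
    """Return True only if the signature is valid and fresh.

    Verify over the raw request bytes, never over re-serialised JSON: any
    change in whitespace or key order would change the digest.
    """
    parsed = parse_signature_header(header_value)
    if parsed is None:
        return False
    timestamp, presented = parsed
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False  # stale or far-future timestamp: treat as a replay
    expected = _digest(secret, raw_body, timestamp)
    # compare_digest runs in constant time, so response timing does not leak
    # how many leading bytes of the expected digest the attacker got right.
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    # Constructed sample delivery, not captured from a real system.
    secret = b"whsec_example_do_not_use"
    body = b'{"event":"link.created","link_id":"lnk_123"}'
    ts = 1_700_000_000
    header = sign_payload(secret, body, ts)
    print(SIGNATURE_HEADER + ": " + header)
    print("valid:", verify_webhook(secret, body, header, now=ts + 5))
    print("tampered:", verify_webhook(secret, body + b" ", header, now=ts + 5))
```

Two points matter more than the rest: verify the raw bytes before parsing the JSON, and never compare digests with `==`. The timestamp check is what turns a signature into a replay defence; without it a valid delivery can be resent indefinitely.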

Authorization

Access control is enforced at every layer:

  • Role-based access control (Owner, Admin, Member, Viewer)
  • Scoped API keys with explicit permission grants
  • Resource-level ownership validation on all operations
  • Organization-level permission boundaries

Rate limiting

All endpoints are protected by rate limiting:

  • Per-endpoint limits based on operation sensitivity
  • Per-IP limits for unauthenticated requests
  • Differentiated thresholds for authenticated users
  • Fail-closed enforcement: over-limit requests are rejected outright, not queued or delayed
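The four properties above fit in one small limiter. What follows is an added example, not LnkApp's implementation: the endpoint names, thresholds and 60-second window are assumed values, and the in-memory store stands in for whatever shared store an edge deployment would use. It keys unauthenticated traffic by client IP and authenticated traffic by user, gives credential endpoints the same low limit either way, and rejects when the store itself fails.

```python
"""Sliding-window rate limiter keyed by user or by client IP.

Added example for this page, not LnkApp's own code. Endpoint names,
thresholds and the window length are assumed values chosen to illustrate
per-endpoint limits, per-IP limits for unauthenticated traffic, higher
thresholds for authenticated users, and fail-closed behaviour.
"""
import time
from collections import deque
from typing import Callable, Deque, Dict, Optional, Tuple

WINDOW_SECONDS = 60

# endpoint -> (limit per IP when unauthenticated, limit per user when authenticated).
# Credential endpoints keep the same low limit either way: a valid session does
# not make password guessing or reset spraying any less sensitive.
LIMITS: Dict[str, Tuple[int, int]] = {
    "POST /auth/login": (5, 5),
    "POST /auth/password-reset": (3, 3),
    "GET /links": (30, 300),
    "POST /links": (10, 100),
}
DEFAULT_LIMITS = (20, 120)


class ManualClock:
    """Deterministic clock so the window can be advanced by hand."""
    def __init__(self, start: float = 1000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


class FailingStore(dict):
    """Simulates a limiter backend that has gone away."""
    def setdefault(self, *args, **kwargs):
        raise RuntimeError("rate-limit store unavailable")


class RateLimiter:
    def __init__(self, store: Optional[dict] = None,
                 clock: Callable[[], float] = time.monotonic) -> None:
        # key -> deque of request timestamps still inside the window
        self._store: dict = {} if store is None else store
        self._clock = clock

    def check(self, endpoint: str, client_ip: str, user_id: Optional[str] = None) -> bool:
        """True if the request may proceed, False if it must be rejected."""
        anon_limit, auth_limit = LIMITS.get(endpoint, DEFAULT_LIMITS)
        if user_id is not None:
            key, limit = (endpoint, "user", user_id), auth_limit
        else:
            key, limit = (endpoint, "ip", client_ip), anon_limit
        now = self._clock()
        try:
            hits: Deque[float] = self._store.setdefault(key, deque())
            while hits and now - hits[0] >= WINDOW_SECONDS:
                hits.popleft()            # age out timestamps past the window
            if len(hits) >= limit:
                return False              # over the limit: reject, never queue
            hits.append(now)
            return True
        except Exception:
            # Fail closed: a broken store rejects rather than admitting an
            # unmetered burst while nobody is counting.
            return False


if __name__ == "__main__":
    clock = ManualClock()
    limiter = RateLimiter(clock=clock)
    ip = "203.0.113.7"                    # constructed client address
    print([limiter.check("POST /auth/login", ip) for _ in range(6)])
    clock.now += WINDOW_SECONDS
    print(limiter.check("POST /auth/login", ip))
    print(RateLimiter(store=FailingStore(), clock=clock).check("GET /links", ip))
```

Rejected requests are not recorded, so a client that is already over the limit cannot extend its own lockout, and the authenticated key deliberately ignores the IP so that a user behind a changing address still gets one budget.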

Audit logging

Every state-changing action is logged:

  • Append-only audit log (records cannot be modified)
  • Full attribution: actor, action, target, timestamp, request ID
  • Exportable records in standard formats
  • Retention policies configurable per organization
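"Records cannot be modified" is a claim a practitioner will want to be able to check, not just read. The page does not say how LnkApp enforces it; the following is an added example of one standard way to make an append-only log verifiable after export, not LnkApp's own code. Each record carries the hash of its predecessor, so editing, inserting or deleting a record breaks the chain from that point on. The attribution fields follow the list above; the `seq`, `prev_hash` and `hash` fields and the sample records are additions for the example.

```python
"""Append-only, hash-chained audit log with JSONL export and verification.

Added example for this page; not LnkApp's own code, and the page does not
say how its append-only property is enforced. Hash chaining is one way to
make that property checkable by anyone holding an export.
"""
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS_HASH = "0" * 64


def _canonical(record: dict) -> bytes:
    # Deterministic encoding: the same fields always hash to the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _record_hash(record: dict) -> str:
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(_canonical(body)).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self._entries: List[dict] = []

    def append(self, actor: str, action: str, target: str,
               timestamp: str, request_id: str) -> dict:
        """Record one state-changing action; returns the stored record."""
        prev_hash = self._entries[-1]["hash"] if self._entries else GENESIS_HASH
        record = {
            "seq": len(self._entries),
            "actor": actor,
            "action": action,
            "target": target,
            "timestamp": timestamp,
            "request_id": request_id,
            "prev_hash": prev_hash,
        }
        record["hash"] = _record_hash(record)
        self._entries.append(record)
        return record

    def head(self) -> str:
        """Hash of the newest record; anchor this somewhere the writer cannot alter."""
        return self._entries[-1]["hash"] if self._entries else GENESIS_HASH

    def verify(self, expected_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
        """Walk the chain. Returns (True, None) or (False, index of first bad record)."""
        prev_hash = GENESIS_HASH
        for i, record in enumerate(self._entries):
            if record.get("seq") != i or record.get("prev_hash") != prev_hash:
                return False, i            # gap, reorder or broken link
            if _record_hash(record) != record.get("hash"):
                return False, i            # record edited in place
            prev_hash = record["hash"]
        if expected_head is not None and prev_hash != expected_head:
            # The chain is self-consistent but its tail is not the one we
            # anchored: the newest record(s) were rewritten or dropped.
            return False, (len(self._entries) - 1 if self._entries else None)
        return True, None

    def export_jsonl(self) -> str:
        """One JSON object per line: a standard, grep-friendly export format."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self._entries)

    @classmethod
    def from_jsonl(cls, text: str) -> "AuditLog":
        """Rebuild a log from an export so it can be re-verified elsewhere."""
        log = cls()
        log._entries = [json.loads(line) for line in text.splitlines() if line.strip()]
        return log


def tamper(log: AuditLog, index: int, **changes) -> None:
    """Simulate someone editing a stored record in place (demo helper)."""
    log._entries[index].update(changes)


if __name__ == "__main__":
    # Constructed sample records, not taken from a real system.
    log = AuditLog()
    log.append("usr_alice", "link.create", "lnk_1", "2026-01-05T10:00:00Z", "req_a1")
    log.append("usr_bob", "apikey.revoke", "key_9", "2026-01-05T10:01:00Z", "req_b1")
    print(log.verify())
    tamper(log, 0, actor="usr_mallory")
    print(log.verify())
```

The chain walk alone catches in-place edits, insertions and deletions, but not a rewrite of the newest record together with its recomputed hash; that is why `verify` takes an `expected_head` and why the head hash should be copied periodically to a store the log writer cannot reach. An exported JSONL file re-verifies with the same code, which is what makes the export useful as evidence rather than just as a report.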

Infrastructure

LnkApp runs on Cloudflare's global edge network:

  • TLS 1.3 for all connections
  • No centralized origin in the redirect path
  • Encrypted storage for all secrets
  • Multi-region redundancy with automatic failover

Reporting security issues

If you discover a security vulnerability, please report it to security@lnkapp.me.

We will acknowledge receipt within 24 hours and provide a detailed response within 72 hours. We do not currently operate a bug bounty program.

Last updated: January 2026