
Security Standards

At YouNoodle, we prioritize the security of our API and the data it delivers. Our security practices are aligned with industry best practices and are designed to ensure confidentiality, integrity, and availability at all times.

Authentication & Access Control

Access to the API requires a valid API key, which is:

  • Issued manually by our support team upon request.
  • Restricted to a specific program within a client's account — a key cannot be reused across programs.
  • Available only to clients on eligible subscription plans.
  • Valid for 180 days from the date of issue, after which it must be renewed.
  • Subject to deactivation at any time by YouNoodle, particularly in cases of misuse, plan changes, or at the client's request.

Read-Only Access

The API supports GET requests only, meaning it is strictly read-only. No data can be modified, deleted, or inserted through the API, reducing the risk of unauthorized changes or data corruption.

Data Encryption

We use strong encryption practices to protect your data:

  • In Transit: All data exchanged with our API is encrypted using HTTPS (TLS 1.2 or higher). Unencrypted HTTP connections are not supported.
  • At Rest: Any sensitive data stored on our systems is encrypted using AES-256 standards.

Input Validation & Rate Limiting

  • All query parameters are validated and sanitized to guard against common attack vectors like injection and XSS.
  • API access is protected by rate limiting policies, enforced through our Web Application Firewall (WAF), to guard against abuse and ensure reliable performance for all clients.

Incident Response

YouNoodle maintains a formal Incident Response Plan to manage security events quickly and transparently. This includes:

  • Rapid isolation and mitigation of the issue.
  • Communication to affected clients within 24 hours.
  • Internal investigation and documentation of root cause.
  • Remediation steps completed within 48 hours.
  • Optional follow-up report for affected clients.

Security Governance & Maintenance

Our API security model adheres to recognized standards and guidelines, including:

  • OWASP API Security Top 10
  • Principle of Least Privilege
  • Regular internal reviews such as vulnerability scans
  • An annual external review through a third-party pen test