Secure cookies over HTTPS
Force TLS 1.2+
Default session expiry is 4 years. This can be customized per customer if needed. Deactivated user sessions are invalidated upon next API request.
Everything is proxied behind Cloudflare