• Secure cookies over HTTPS
• Force TLS 1.2+
• Default session expiry is 4 years. This can be customized per customer if needed. Deactivated user sessions are invalidated upon next API request.
• Everything is proxied behind Cloudflare