Developer Portal Service — Security Model

Version: 1.0 Status: Draft Owner: Product + Developer Relations (DevRel) Last Updated: 2026-04-20

1. Intent

Define the RBAC/ABAC matrix, encryption posture, audit events, GDPR participation, and data-residency posture for the Developer Portal. Security focal points: API key handling (never persist secrets in this service), Verify code storage (HMAC + pepper), and abuse-control on the Verify endpoints.

2. RBAC / ABAC

TBD (developer / tenant-owner / DevRel-admin / platform-admin roles; per-environment scopes)

3. Authentication

Browser portal: SSO via auth-service (Firebase upstream), MFA enforced for production-key actions. TBD
API: Bearer API key validated by api-gateway -> auth-service. TBD

4. Encryption

TLS 1.3 in transit (mandated by Kong). TBD
AES-256-GCM at rest for all Postgres columns flagged sensitive. TBD
HMAC-SHA-256 with server-side pepper for Verify code storage. TBD

5. API Key Handling

Secrets are issued by auth-service and shown to the developer once in the create-key response. Never stored in devportal. TBD

6. Verify Code Storage

code_hmac = HMAC-SHA-256(code, peppered_key) — pepper is per-environment KMS-managed. TBD

7. Abuse Controls

Per-tenant Verify start rate limit (default 100/min). TBD
Per-recipient Verify cap (5/hour, 20/day). TBD
Daily spend cap per tenant (default $500). TBD
fraud-intel-service integration. TBD

8. Audit Events

TBD

TBD

10. Data Residency

All devportal Postgres data is hosted in-country (Afghanistan-based DC + DR). TBD

1. Intent​

2. RBAC / ABAC​

3. Authentication​

4. Encryption​

5. API Key Handling​

6. Verify Code Storage​

7. Abuse Controls​

8. Audit Events​

9. GDPR Participation​

10. Data Residency​