Security Overview
How Eroteme secures API endpoints and user data.
Overview
All state-changing API endpoints require wallet signature authentication. This provides stronger security than traditional session-based auth by proving the caller controls the wallet's private key.
Security Layers
1. Signature-Based Authentication
Every authenticated request must be signed with the wallet's private key using an ECDSA signature, which the server verifies before processing the request.
2. Timestamp Validation
Each signed request carries a timestamp that is covered by the signature. Signatures expire after 5 minutes, preventing replay attacks beyond that window; the server rejects any request whose timestamp is older than the window.
3. Rate Limiting
Per-address rate limits with automatic blocking:
| Endpoint Group | Limit | Block Duration |
|---|---|---|
| Profile | 10 req/min | 2 minutes |
| AI analysis | 20 req/min | 2 minutes |
4. ReDoS Protection
All user-provided input used in regex queries is sanitised to prevent Regular Expression Denial of Service attacks.
5. Database Connection Management
All endpoints verify database connectivity before processing requests.