APIdural
Security & Trust

The easy API testing tool that doesn’t want your data.

You’re trusting a tool with your API keys — that’s a real worry, and it should be. So we built Apidural so it structurally can’t misuse them. Here’s exactly what we promise, and what we don’t yet.

The Golden Rule

A computer decides pass or fail — never the AI.

The AI helps draft your tests and explain results in plain English. But it never decides whether a test passed. That verdict is made by ordinary, predictable code that checks the real response against your expectations. So a green check means a machine verified it — not that an AI guessed it. Same rule, every run.

✓ Guaranteed today

Structural promises we can make right now.

1

Your secrets never go to the AI

The AI only ever sees placeholders like {{token}} — by design. Your real API keys and tokens are swapped in later, by code, only at the moment a test actually runs.

2

Encrypted at rest, decrypted for an instant

Keys are encrypted while stored and decrypted only in memory, for the split second we fire your request — then discarded. They never sit around in the clear.

3

Never written to any log

Secrets are scrubbed from app logs, error monitoring, bug reports, exports, and share links. Whatever leaves the system is clean, every time.

4

Synthetic data by default

Tests run on safe, fake sample data unless you choose otherwise — so real customer data rarely enters the system at all.

5

Your data stays in India (Mumbai)

Database and workers run in the Mumbai region, aligned with India's DPDP Act. Your data doesn't quietly hop to another country.

🖐 In your control

Steps you can take for extra safety.

6

You stay in control

Use a scoped test key instead of your production admin key (we nudge you to). Export or permanently delete your data anytime. Retention is short by default.

🛣 On the roadmap

Real future goals — clearly marked not yet available.

7 · SOC 2 — a goal, not yet held

We design to SOC 2-aligned practices, but we do not yet holda SOC 2 certification or a third-party audit. We won’t claim one until it’s real. If your security reviewer needs the current status in writing, email us — we’ll tell you exactly where we are.

Our promise about promises: every security claim on this page is true today. Anything still being built is labelled roadmap — never dressed up as available. Questions from a buyer’s security team are welcome at support@apidural.com.

Test your first API — without handing over your data.

Start free →