2 min read
Rate limiting
60 requests per 60 seconds per IP caps abuse and keeps one caller from monopolising the ring. See rate limits.
Validation
Every input is bounded in type, length, key count and byte size, and mandatory gates like consent are enforced server-side. A bad request is a 422, not an action.
Fixed shapes
The server owns privileged fields. A caller cannot set an enquiry’s status or coax bank fields into a biller response — they are simply not settable.
PII boundary
No per-customer data crosses the ring, so there is nothing sensitive to leak even under a determined probe. See Privacy and PII.
Sanitisation
Served HTML (CMS pages) is sanitised before it leaves the hub, reducing injection risk; consumers should still escape at render time. See sanitisation.
Frequently asked questions
Is an unauthenticated API inherently insecure?
No. Security comes from controlling what can be read, written and abused. The public ring exposes only public data and safe submissions, and layers rate limiting, validation and a PII boundary on top.
What stops someone scraping the API?
The rate limit caps volume per IP, and there is no PII to scrape — responses are public vocabulary. Aggressive callers hit 429s.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.