The easy API testing tool that doesn’t want your data.
You’re trusting a tool with your API keys — that’s a real worry, and it should be. So we built Apidural so it structurally can’t misuse them. Here’s exactly what we promise, and what we don’t yet.
The Golden Rule
A computer decides pass or fail — never the AI.
The AI helps draft your tests and explain results in plain English. But it never decides whether a test passed. That verdict is made by ordinary, predictable code that checks the real response against your expectations. So a green check means a machine verified it — not that an AI guessed it. Same rule, every run.
Structural promises we can make right now.
Your secrets never go to the AI
The AI only ever sees placeholders like {{token}} — by design. Your real API keys and tokens are swapped in later, by code, only at the moment a test actually runs.
Encrypted at rest, decrypted for an instant
Keys are encrypted while stored and decrypted only in memory, for the split second we fire your request — then discarded. They never sit around in the clear.
Never written to any log
Secrets are scrubbed from app logs, error monitoring, bug reports, exports, and share links. Whatever leaves the system is clean, every time.
Synthetic data by default
Tests run on safe, fake sample data unless you choose otherwise — so real customer data rarely enters the system at all.
Your data stays in India (Mumbai)
Database and workers run in the Mumbai region, aligned with India's DPDP Act. Your data doesn't quietly hop to another country.
Steps you can take for extra safety.
You stay in control
Use a scoped test key instead of your production admin key (we nudge you to). Export or permanently delete your data anytime. Retention is short by default.
Real future goals — clearly marked not yet available.
7 · SOC 2 — a goal, not yet held
We design to SOC 2-aligned practices, but we do not yet holda SOC 2 certification or a third-party audit. We won’t claim one until it’s real. If your security reviewer needs the current status in writing, email us — we’ll tell you exactly where we are.
Our promise about promises: every security claim on this page is true today. Anything still being built is labelled roadmap — never dressed up as available. Questions from a buyer’s security team are welcome at support@apidural.com.