Security
Secure your Vectara applications with enterprise-grade authentication, authorization, and data privacy controls. This section covers how to authenticate API access, control user permissions, and ensure compliance with security standards.
Authentication
Secure your API access with API keys or OAuth 2.0:
- Authentication and Authorization Overview - Understand authentication mechanisms and authorization models
- Authentication Overview - Learn about authentication options and when to use them
- Choose Authentication Method - Compare API keys vs OAuth 2.0 for your use case
- API Key Management - Create and manage API keys for development and testing
- OAuth 2.0 - Set up OAuth 2.0 for production applications
Authorization
Control access to your Vectara resources with fine-grained permissions:
- Enterprise Access Patterns - Common access control scenarios for admins, developers, and end users
- Role-Based Access Control - Assign permissions by role (RBAC)
- Attribute-Based Access Control - Fine-grained permissions using metadata filters (ABAC)
- Multi-Tenant Corpus Isolation - Separate data by tenant or customer
- Combine Access Control with Application Filters - Layer security controls with application logic
Data Privacy and Compliance
Vectara is built for enterprise security and compliance requirements:
- Security and Data Privacy - Encryption, data isolation, and compliance certifications
Security Features
Vectara provides enterprise-grade security:
- SOC 2 Type II certified - Independently audited security controls
- HIPAA compliant - Healthcare data protection standards
- Zero training on customer data - Your data stays private and is never used for model training
- Encryption at rest and in transit - AES-256 and TLS 1.2+
- Fine-grained access control - RBAC and ABAC support
- Audit logging - Complete activity trails for compliance
- Multi-tenant isolation - Secure data separation between customers
Quick Links
- Developer Quickstart - Get started with API keys in 5 minutes
- Deployment Options - Explore on-premises and air-gapped deployment for maximum security
- API Authentication Examples - Code samples for authentication