Blockradar’s Responsibility: Security of the Platform
Blockradar is responsible for securing the infrastructure that runs the services offered by Blockradar. This includes the security of all Blockradar-authored code, from our encryption systems to our APIs, and everything in between. Blockradar commits to securing the Confidentiality, Integrity, and Availability of the Blockradar platform. Blockradar’s responsibilities therefore include:- Maintaining the confidentiality of secret materials stored with Blockradar, in particular but not limited to encrypted seed phrases and derivation paths;
- Ensuring the integrity of all end user requests that are made to Blockradar’s system and all data associated with those requests; and
- Providing constant availability of Blockradar’s services.
Customer’s Responsibility: Security Using the Platform
Customers are responsible for the decisions they make when using Blockradar. Each customer’s unique product and threat model play a critical role in determining the appropriate configurations and integration patterns, including choices that could impact security. Customers are responsible for securely integrating their product with Blockradar. Blockradar provides extensive documentation and examples for building multiple products, including guidance on authentication flows, appropriate feature selection, credential management, and more. Each customer’s implementation choices differ significantly based on the unique integration of Blockradar, and therefore the ultimate responsibility remains with the customer to select the right approach. In addition, customers are responsible for securing their Blockradar organizations. This requires the proper configuration for API access, appropriate backups for seed phrases, and properly securing authenticator credentials, such as API keys.Illustrations of the Shared Responsibility Model
Authentication and Authorization
Blockradar is responsible for ensuring authentication correctness and that any action taken within an authenticated context is unable to exceed previously granted permissions. Customers are responsible for ensuring that authorization permissions are appropriately configured for each user and that user authentication credentials are securely managed.Key Management and Transactions
Blockradar is responsible for securing the infrastructure that enables private key computation and transaction signing, including the protection of encrypted seed phrases and derivation paths. Customers are responsible for securely backing up their seed phrases and ensuring that transaction parameters are properly validated before submission to Blockradar.Disaster Recovery and Business Continuity
Blockradar is responsible for maintaining infrastructure redundancy and providing access to seed phrase backups through the dashboard. Customers are responsible for creating and securely storing their seed phrase backups, and implementing their own disaster recovery procedures using these backups.The shared responsibility model ensures that both Blockradar and our customers work together to maintain the highest security standards. While Blockradar secures the platform, customers must implement secure integrations and properly manage their seed phrase backups.
Related Documentation
Our Approach
Learn about Blockradar’s overall security philosophy and approach to protecting your funds.
Key Management
Learn about our revolutionary key management system and how we eliminate private key storage risks.
Disaster Recovery
Understand how we ensure business continuity and fund security during disasters.
Report Vulnerability
Learn how to report security vulnerabilities to help improve our platform.