Architecture Overview
Stateless | Encrypted | Zero Retention
zkOrigoPlus operates on a stateless, zero-data-retention architecture. All API requests are processed in memory, and no transaction data, wallet addresses, or compliance results are persisted beyond the request lifecycle.
Core Security Features
- TLS 1.2+: All API endpoints enforce HTTPS with TLS 1.2 or higher
- KMS Encryption: Sensitive configuration encrypted at rest using AWS KMS
- Secrets Manager: All API keys, credentials, and secrets stored in AWS Secrets Manager (no environment variables)
- WAF Protection: AWS WAF with rate limiting (500 req/5min per IP) and AWS Managed Rules
- CloudFront CDN: DDoS protection and edge caching with signed requests
API Key Security
Key Format
API keys follow the format: zk_live_[48-character-random-string]
Storage Policy
- Keys are hashed using SHA-256 before storage in DynamoDB
- Original keys are never logged or persisted
- Keys are transmitted via x-api-key header only
- No query parameter authentication supported
Key Rotation
API keys do not expire automatically. Users can rotate keys via the customer dashboard or by contacting support at admin@autodigitalcoin.com.
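As an added illustration (not zkOrigoPlus's own code), the key format and storage policy above translate into a verification routine like the following: the raw key is hashed with SHA-256 and only the digest is looked up, the key is accepted from the x-api-key header only, and any key found in the query string is refused before the hash is computed. The alphanumeric charset of the random part and the in-memory key store standing in for DynamoDB are assumptions.

```python
import hashlib
import re
import secrets
import string

# Format from the page: zk_live_ + 48 random characters. Alphanumeric charset is an assumption.
KEY_PATTERN = re.compile(r"^zk_live_[A-Za-z0-9]{48}$")
QUERY_KEY_NAMES = ("x-api-key", "api_key", "apikey", "key")  # names to refuse in the query string


def generate_api_key() -> str:
    """Mint a key in the zk_live_[48-char] format using a CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "zk_live_" + "".join(secrets.choice(alphabet) for _ in range(48))


def hash_api_key(key: str) -> str:
    """SHA-256 digest of the raw key. Only this digest is stored; the raw key is never persisted.
    With ~286 bits of entropy in the random part, an unsalted hash cannot be reversed by guessing."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def authenticate(headers: dict, query_params: dict, key_store: dict) -> tuple:
    """Return (ok, detail). detail is the plan tier on success or a reason on failure.

    key_store maps sha256 hex digest -> plan record (constructed stand-in for the DynamoDB table).
    Failure reasons are safe to log; the raw key never is."""
    # Refuse query-string authentication outright so a key never lands in access logs or referrers.
    if any(name.lower() in QUERY_KEY_NAMES for name in query_params):
        return False, "query parameter authentication is not supported"

    # Header names are case-insensitive; API Gateway lowercases them in Lambda proxy events.
    lowered = {name.lower(): value for name, value in headers.items()}
    key = lowered.get("x-api-key")
    if key is None:
        return False, "missing x-api-key header"
    if not KEY_PATTERN.match(key):
        return False, "malformed key"  # reject before hashing; do not echo the value back

    record = key_store.get(hash_api_key(key))  # lookup by digest, as the storage policy describes
    if record is None:
        return False, "unknown key"
    return True, record["tier"]


if __name__ == "__main__":
    demo_key = generate_api_key()
    store = {hash_api_key(demo_key): {"tier": "Starter", "req_per_sec": 10}}  # constructed sample
    print(authenticate({"X-Api-Key": demo_key}, {}, store))
    print(authenticate({}, {"api_key": demo_key}, store))
```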
Rate Limiting
Sandbox Environment
- Rate: 30 requests/second per IP
- Authentication: None required
- Endpoint: /sandbox/*
Production Tiers
- Starter: 10 req/sec, 2,500 calls/month
- Professional: 25 req/sec, 10,000 calls/month
- Enterprise: 50 req/sec, 50,000 calls/month
Rate limits are enforced at the API Gateway level; requests that exceed a limit receive a 429 Too Many Requests response.
Data Retention Policy
Zero Retention: zkOrigoPlus does not store:
- Wallet addresses submitted for validation
- Transaction data or blockchain queries
- AML/sanctions check results
- ISO20022 message content
- RWA attestation details
Telemetry Only: Aggregated, anonymized API usage metrics (call count, latency, error rates) are stored for service monitoring. No PII or transaction-specific data is retained.
Compliance References
- ISO20022: Message validation against pain.001 and camt.053 schemas
- AML/Sanctions: OFAC SDN list integration (updated daily)
- Blockchain Validators: Real-time on-chain validation for BTC, ETH, XLM, XRPL, HBAR, Polygon
- Research Foundation: SSRN Abstract 5634150