Security
Tynk is built with security-first defaults for developer tooling.
Authentication
- OAuth 2.0 + PKCE (S256) for IDE and web sign-in
- API keys hashed at rest with SHA-256 + pepper
- Scoped access:
llm:read, llm:write, models:read, usage:read, admin - Token rotation and revocation via
/oauth/revoke
Infrastructure
- TLS everywhere —
api.tynk.cloud,tynk.cloud - Rate limiting on auth and inference endpoints
- Secrets never logged; Authorization headers redacted