Integration Security Boundary
Toku treats external integrations as controlled security boundaries. Each connection is authenticated, scoped, encrypted in transit, monitored, and revocable by the client.
- Inbound data connections use least-privilege access to retrieve only the data required for authorized workflows.
- Outbound custody-related connections are limited to transaction proposal workflows and cannot unilaterally move funds.
- Integration activity is logged and monitored for failures, timeouts, and anomalous behavior.
Toku does not take custody of funds, does not hold private keys, and does not have signing authority over client wallets.
API Authentication
All API integrations use OAuth 2.0 authentication with scoped credentials. Each integration credential is provisioned with the minimum permissions required for its function:
- HRIS integrations use read-only API credentials scoped to employee identity and compensation data. No write-back occurs to the HRIS platform.
- Payroll integrations use read-only credentials scoped to payroll cycle data.
- Custody integrations use credentials that can propose transactions but cannot unilaterally execute them. Client approval through the custody provider's policy engine is always required.
API Credential Management
All API credentials for client integrations are stored encrypted in Toku's secret management infrastructure. Credentials are rotated on a defined schedule and are rotated immediately upon any suspected compromise.
Clients control the provisioning and revocation of API access to their own systems. If a client revokes API access, data synchronization stops immediately. Toku cannot access client systems without client-issued credentials.
IP Restrictions for Custody Integrations
For custody platform integrations where network restrictions are available, Toku implements IP whitelisting to restrict API access to known Toku infrastructure addresses only. Even if API credentials were compromised, they could not be used from unauthorized network locations.
Network restrictions are reviewed as part of custody integration security setup.
Data Flow Security
Inbound (HRIS/Payroll to Toku)
Data syncs from HRIS and payroll platforms over encrypted API connections (TLS 1.3). Syncs run on a scheduled cadence aligned to each client's pay cycle. All inbound data is validated and logged.
Outbound (Toku to Custody Platform)
Toku submits transaction instructions through authenticated API calls. Transaction instructions include the recipient wallet address, amount, and an internal reference ID. The client's custody platform requires the client's own approval before any funds move.
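As an added illustration, not Toku's or any custody provider's code, the following Python model shows how a custody-side policy engine can enforce the boundary described here and under API Authentication and IP Restrictions: the integrator credential may only propose, only from allowlisted addresses, a proposal stays pending until a distinct client credential approves it, and a retried proposal with the same reference ID is not duplicated. Credential names, scope strings and IP ranges are constructed placeholders.

```python
"""Model of a custody-side policy engine enforcing the propose/approve split."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample credentials: the integrator may only propose, and only from
# an allowlisted egress range; the client's approver is a separate credential.
CREDENTIALS = {
    "toku-integration": {"scopes": {"transactions:propose"}, "allowed_from": ["203.0.113.0/28"]},
    "client-treasury": {"scopes": {"transactions:approve"}, "allowed_from": ["0.0.0.0/0"]},
}

@dataclass
class Proposal:
    reference_id: str   # internal reference ID carried with the instruction
    recipient: str      # recipient wallet address
    amount: int         # amount in the asset's smallest unit
    proposed_by: str
    status: str = "pending_client_approval"

class PolicyEngine:
    def __init__(self):
        self.proposals: dict[str, Proposal] = {}

    def _authorize(self, credential, source_ip, scope):
        """Reject a call whose credential lacks the scope or comes from a non-allowlisted IP."""
        cred = CREDENTIALS.get(credential)
        if cred is None or scope not in cred["scopes"]:
            raise PermissionError(f"{credential} lacks scope {scope}")
        if not any(ip_address(source_ip) in ip_network(n) for n in cred["allowed_from"]):
            raise PermissionError(f"{credential} not permitted from {source_ip}")

    def propose(self, credential, source_ip, reference_id, recipient, amount):
        """Record a transaction instruction; funds do not move until a client approves."""
        self._authorize(credential, source_ip, "transactions:propose")
        if reference_id in self.proposals:
            return self.proposals[reference_id]  # idempotent: a retry creates no duplicate
        proposal = Proposal(reference_id, recipient, amount, credential)
        self.proposals[reference_id] = proposal
        return proposal

    def approve(self, credential, source_ip, reference_id):
        """Client approval; the proposing credential can never approve its own proposal."""
        self._authorize(credential, source_ip, "transactions:approve")
        proposal = self.proposals[reference_id]
        if proposal.proposed_by == credential:
            raise PermissionError("proposer cannot approve its own proposal")
        proposal.status = "approved"
        return proposal
```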
Client Control Over Integrations
Clients maintain full control over their integrations with Toku:
- Provisioning: Clients issue API credentials to Toku with their chosen permission scope.
- Revocation: Clients can revoke API access at any time, immediately stopping data flow.
- Monitoring: Clients can monitor API activity through their own system logs.
- Employee enrollment: Clients determine which employees are enrolled. Toku does not add employees without client authorization.
- Transaction approval: All payment disbursements require client approval through their custody provider's policy engine.
Integration Monitoring
All integration API calls are monitored with automated alerting on failures, timeouts, or anomalous behavior. Integration health is tracked continuously, and the engineering team is alerted to degradation.