Security & Compliance

Best practices for building secure applications with Arcade.

Key Security Topics

Secure Your MCP Server

Best practices for securing custom MCP servers in production.

Secure your MCP server →

Secure Authentication in Production

How to handle OAuth flows and token management securely in user-facing applications.

Production auth guide →

Security Research Program

Report security vulnerabilities and learn about our security practices.

Security research program →

Quick Security Checklist

• API keys are stored in environment variables, not code
• OAuth redirect URIs are restricted to your domains
• User tokens are properly scoped (minimal permissions)
• Error messages don’t leak sensitive information
• Audit logs are enabled for sensitive operations

Additional Resources

• Securing Arcade MCP
• Deployment security