DealerMAX Developers

Security

Security posture for the public developer surface: read-only data plane, scoped API keys, backend-only integration guidance, and coordinated vulnerability disclosure.

API key handling

Platform boundaries

Reporting

Report vulnerabilities to security@dealermax.app. Include the affected host, reproduction steps, and impact. Do not include plaintext API keys, and do not open public GitHub issues for security findings. RFC 9116: https://developers.dealermax.app/.well-known/security.txt.

Machine-readable trust links

APIs index/.well-known/apis.json
Subprocessors/.well-known/subprocessors.json
Security advisories/.well-known/security-advisories.atom
Authoritative reference: https://developers.dealermax.app/api Contact: support@dealermax.app Owner: Azure S.r.l. DealerMax-app/dealermax-public-api