We release security updates for the following versions of the Vedika Python SDK:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take the security of the Vedika Python SDK seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not:
- Open a public GitHub issue for the vulnerability
- Post about the vulnerability in public forums or social media
- Attempt to exploit the vulnerability beyond verifying its existence
Report security vulnerabilities to: security@vedika.io
Include the following information:
- Type of vulnerability (e.g., authentication bypass, API key exposure, injection attack)
- Full description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if you have one)
- Your contact information for follow-up
What to expect after reporting:
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Updates: We will send you regular updates about our progress
- Timeline: We aim to release a fix within 7-14 days for critical vulnerabilities
- Credit: We will credit you in our security advisory (unless you prefer to remain anonymous)
Never expose your API keys:
```python
import os
from vedika import VedikaClient  # import path assumed; the SDK package is `vedika`

# ❌ DON'T: Hardcode API keys
client = VedikaClient(api_key="vk_live_your_actual_key")

# ✅ DO: Use environment variables
client = VedikaClient(api_key=os.getenv("VEDIKA_API_KEY"))
```
Use .gitignore:
```
# Add to .gitignore
.env
.env.local
*.key
credentials.json
```
Rotate compromised keys immediately:
If you accidentally expose your API key:
- Immediately revoke it at https://vedika.io/dashboard.html
- Generate a new key
- Update your application with the new key
- Review API logs for unauthorized usage
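The rules above (key only from the environment, `vk_test_` keys for development and `vk_live_` keys for production, HTTPS base URL only, and a redacted key for log lines) can be enforced before a client is ever constructed. The following is an added example, not part of the Vedika SDK; the `VEDIKA_ENV` and `VEDIKA_BASE_URL` variable names are assumptions for this example.

```python
# Added example (not Vedika SDK code): enforce the key-handling policy up front.
# Prefixes vk_test_/vk_live_ and the HTTPS base URL come from this document;
# VEDIKA_ENV and VEDIKA_BASE_URL are assumed variable names.
import os
from typing import Mapping
from urllib.parse import urlsplit

DEFAULT_BASE_URL = "https://vedika-api-854222120654.us-central1.run.app"


def redact_key(api_key: str) -> str:
    """Return a form safe for logs: known prefix kept, secret part masked."""
    for prefix in ("vk_live_", "vk_test_"):
        if api_key.startswith(prefix):
            return prefix + "****"
    return "****"


def check_api_key(api_key: str, environment: str) -> str:
    """Reject keys that violate the policy; return the key when acceptable."""
    if not api_key:
        raise ValueError("VEDIKA_API_KEY is not set")
    if environment == "production":
        if not api_key.startswith("vk_live_"):
            raise ValueError("production requires a vk_live_ key")
    elif api_key.startswith("vk_live_"):
        raise ValueError("vk_live_ keys must only be used in production")
    elif not api_key.startswith("vk_test_"):
        raise ValueError("unrecognised key format (expected vk_test_ or vk_live_)")
    return api_key


def check_base_url(base_url: str) -> str:
    """The SDK requires HTTPS; refuse anything else before a request is made."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"base_url must use https://, got scheme {parts.scheme!r}")
    return base_url


def load_client_config(env: Mapping[str, str] = os.environ) -> dict:
    """Build VedikaClient constructor arguments from environment variables."""
    environment = env.get("VEDIKA_ENV", "development")
    return {
        "api_key": check_api_key(env.get("VEDIKA_API_KEY", ""), environment),
        "base_url": check_base_url(env.get("VEDIKA_BASE_URL", DEFAULT_BASE_URL)),
    }


if __name__ == "__main__":
    # Constructed sample environment; a real deployment passes os.environ.
    cfg = load_client_config({"VEDIKA_ENV": "development", "VEDIKA_API_KEY": "vk_test_example123"})
    print("using key", redact_key(cfg["api_key"]), "at", cfg["base_url"])
```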
Always validate user input:
```python
from datetime import datetime


def validate_birth_details(details: dict) -> bool:
    """Validate birth details before sending to API."""
    required_fields = ['datetime', 'latitude', 'longitude']

    # Check required fields
    if not all(field in details for field in required_fields):
        return False

    # Coordinates must be numbers (bool excluded); a non-numeric value
    # would otherwise raise TypeError in the range checks below
    for field in ('latitude', 'longitude'):
        value = details[field]
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False

    # Validate latitude (-90 to 90)
    if not -90 <= details['latitude'] <= 90:
        return False

    # Validate longitude (-180 to 180)
    if not -180 <= details['longitude'] <= 180:
        return False

    # Validate datetime format (ISO 8601; a trailing 'Z' is mapped to +00:00)
    if not isinstance(details['datetime'], str):
        return False
    try:
        datetime.fromisoformat(details['datetime'].replace('Z', '+00:00'))
    except ValueError:
        return False

    return True
```
The SDK enforces HTTPS for all API requests. Never modify the base URL to use HTTP:
```python
import os
from vedika import VedikaClient  # import path assumed; the SDK package is `vedika`

# ✅ HTTPS (default and required)
client = VedikaClient(
    api_key=os.getenv("VEDIKA_API_KEY"),
    base_url="https://vedika-api-854222120654.us-central1.run.app"
)

# ❌ HTTP (will fail)
# DO NOT attempt to use HTTP
```
Respect rate limits to prevent account suspension:
```python
import time
from vedika.exceptions import RateLimitError


def safe_api_call(client, *args, **kwargs):
    """Make API call with exponential backoff on rate limit."""
    max_retries = 3
    retry_delay = 1  # seconds before the first retry

    for attempt in range(max_retries):
        try:
            return client.ask_question(*args, **kwargs)
        except RateLimitError:
            if attempt < max_retries - 1:
                time.sleep(retry_delay)
                retry_delay *= 2  # Exponential backoff
            else:
                raise  # Out of retries: surface the error to the caller
```
Never expose sensitive information in error messages:
```python
import logging

logger = logging.getLogger(__name__)

try:
    response = client.ask_question(...)
except Exception as e:
    # ❌ DON'T: Log full error with potentially sensitive data
    # logger.error(f"API call failed: {e} with data: {birth_details}")

    # ✅ DO: Log sanitized error message
    logger.error("API call failed. Check logs for details.")
    # Store detailed error in secure logs only
```
Keep dependencies up to date:
```bash
# Check for security vulnerabilities
pip install safety
safety check

# Update dependencies
pip install --upgrade vedika-sdk requests
```
- Birth details are sensitive: Treat birth information (date, time, location) as PII
- No data retention: Vedika API does not store queries unless explicitly enabled
- GDPR compliant: The API is GDPR compliant for EU users
- Test keys (`vk_test_`): Limited functionality, safe for development
- Live keys (`vk_live_`): Full access, use only in production
- Never commit keys: Use environment variables or secret managers
- TLS 1.2+: All API requests use TLS 1.2 or higher
- Certificate validation: The SDK validates SSL certificates
- No proxy support: Direct connections only for security
| Date | Type | Findings | Status |
|---|---|---|---|
| 2025-10-15 | Code Review | None | Passed |
| 2025-10-01 | Dependency | None | Passed |
For security concerns or questions:
- Email: security@vedika.io
- Response time: Within 48 hours
- PGP Key: Available on request
Last updated: November 2025