Skip to main content
Report issues affecting Xquik’s application programming interface (API), Model Context Protocol (MCP) server, OAuth 2.1 flows, webhooks, software development kits (SDKs), or documentation to security@xquik.com. Do not open a public issue, discussion, or pull request for a vulnerability.

What to include

Include these details when available:
  • A clear description of the issue
  • Reproduction steps and affected URLs
  • Request and response samples with secrets removed
  • The affected endpoint, SDK version, or documentation page
  • The expected impact
  • A suggested mitigation
Never send API keys, passwords, session cookies, or personal data.

Response targets

Xquik reviews private reports against these targets:
  • Acknowledgement within 24 hours
  • Initial triage within 72 hours
  • A mitigation plan after triage
Critical issues receive immediate priority.

Scope

The security contact covers:
  • docs.xquik.com
  • The Xquik REST API
  • The Xquik MCP server
  • OAuth 2.1 flows
  • Webhook signature verification
  • Published Xquik SDKs
Send product support questions to support@xquik.com.

Safe harbor

Xquik supports good-faith security research that avoids privacy violations, data destruction, and service interruption. Allow reasonable time for remediation before public disclosure.
Last modified on July 16, 2026