Report issues affecting Xquik’s application programming interface (API), Model Context Protocol (MCP) server, OAuth 2.1 flows, webhooks, software development kits (SDKs), or documentation to security@xquik.com.
Do not open a public issue, discussion, or pull request for a vulnerability.
What to include
Include these details when available:
- A clear description of the issue
- Reproduction steps and affected URLs
- Request and response samples with secrets removed
- The affected endpoint, SDK version, or documentation page
- The expected impact
- A suggested mitigation
Never send API keys, passwords, session cookies, or personal data.
Response targets
Xquik reviews private reports against these targets:
- Acknowledgement within 24 hours
- Initial triage within 72 hours
- A mitigation plan after triage
Critical issues receive immediate priority.
Scope
The security contact covers:
docs.xquik.com
- The Xquik REST API
- The Xquik MCP server
- OAuth 2.1 flows
- Webhook signature verification
- Published Xquik SDKs
Send product support questions to support@xquik.com.
Safe harbor
Xquik supports good-faith security research that avoids privacy violations, data destruction, and service interruption. Allow reasonable time for remediation before public disclosure. Last modified on July 16, 2026