🗃️ API Security Best Practices
Comprehensive API security patterns and practices used in Ever Gauzy.
🗃️ Security Overview
Security architecture and best practices for Ever Gauzy deployments.
🗃️ Data Protection
Data handling practices, GDPR compliance, and privacy controls.
🗃️ Tenant Isolation
How Ever Gauzy ensures complete data isolation between tenants.
🗃️ Input Validation & Sanitization
How Gauzy validates and sanitizes all incoming data.
🗃️ Rate Limiting
API rate limiting and throttling configuration powered by @nestjs/throttler.
🗃️ File Upload Security
Security controls for file uploads in Ever Gauzy.
🗃️ CORS Configuration
Cross-Origin Resource Sharing settings for the API.
🗃️ Secret Management
Best practices for managing secrets and sensitive configuration.
🗃️ Authentication Flows
Detailed documentation of all authentication flows, including login, passwordless sign-in, workspace switching, and social account linking.
🗃️ Tenant API Keys
Programmatic API access using tenant-scoped API keys.
🗃️ Audit Logging
Track user actions and system events for compliance and security auditing.
🗃️ Token Lifecycle
Detailed documentation on JWT token structure, validation strategies, token rotation, and revocation.
🗃️ Password Security
Password hashing algorithms, policy enforcement, and secure password reset flows.
🗃️ OAuth App Authorization (Server-to-Server)
For third-party integrations, an OAuth 2.0-style authorization code flow is supported for server-to-server communication.
🗃️ Public Endpoint Data Exposure
How to prevent information leaks through TypeORM relation loading in public API endpoints.
🗃️ Content Security Policy (CSP)
Configure Content Security Policy headers for XSS protection.
🗃️ API Rate Limiting Deep Dive
Protect your API from abuse with rate limiting.
🗃️ XSS and CSRF Prevention
Protect against Cross-Site Scripting and Cross-Site Request Forgery.
🗃️ Security Headers Reference
Complete list of recommended security headers for production deployments.
🗃️ JWT Token Management
Deep dive into JWT-based authentication.
🗃️ Vulnerability Scanning
Automated security scanning for the Gauzy codebase.
🗃️ OAuth2 & Social Auth Flows
Configure social login and OAuth2 authentication.
🗃️ Data Encryption
Encryption at rest and in transit for Gauzy deployments.
🗃️ GDPR & Compliance
Data protection and regulatory compliance in Ever Gauzy.