📄️ Security Overview
Security architecture and best practices for Ever Gauzy deployments.
📄️ Data Protection
Data handling practices, GDPR compliance, and privacy controls.
📄️ Rate Limiting
API rate limiting and throttling configuration powered by @nestjs/throttler.
📄️ Audit Logging & Observability
Track changes to critical data with audit logging, and monitor application health with structured logging and observability tools.
📄️ CORS Configuration
Cross-Origin Resource Sharing settings for the API.
📄️ Authentication Flows
Detailed documentation of all authentication flows, including login, passwordless sign-in, workspace switching, and social account linking.
📄️ Token Lifecycle
Detailed documentation on JWT token structure, validation strategies, token rotation, and revocation.
📄️ Password Security
Password hashing algorithms, policy enforcement, and secure password reset flows.
📄️ OAuth App Authorization (Server-to-Server)
For third-party integrations, an OAuth 2.0-style authorization code flow is supported for server-to-server communication.