🛡️ Security | Ever Gauzy™ Platform

📄️ API Security Best Practices

Comprehensive API security patterns and practices used in Ever Gauzy.

📄️ Security Overview

Security architecture and best practices for Ever Gauzy deployments.

📄️ Data Protection

Data handling practices, GDPR compliance, and privacy controls.

📄️ Tenant Isolation

How Ever Gauzy ensures complete data isolation between tenants.

📄️ Input Validation & Sanitization

How Gauzy validates and sanitizes all incoming data.

📄️ Rate Limiting

API rate limiting and throttling configuration powered by @nestjs/throttler.

📄️ File Upload Security

Security controls for file uploads in Ever Gauzy.

📄️ CORS Configuration

Cross-Origin Resource Sharing settings for the API.

📄️ Secret Management

Best practices for managing secrets and sensitive configuration.

📄️ Authentication Flows

Detailed documentation of all authentication flows, including login, passwordless sign-in, workspace switching, and social account linking.

📄️ Tenant API Keys

Programmatic API access using tenant-scoped API keys.

📄️ Audit Logging

Track user actions and system events for compliance and security auditing.

📄️ Token Lifecycle

Detailed documentation on JWT token structure, validation strategies, token rotation, and revocation.

📄️ Password Security

Password hashing algorithms, policy enforcement, and secure password reset flows.

📄️ OAuth App Authorization (Server-to-Server)

For third-party integrations, an OAuth 2.0-style authorization code flow is supported for server-to-server communication.

📄️ Public Endpoint Data Exposure

How to prevent information leaks through TypeORM relation loading in public API endpoints.

📄️ Content Security Policy (CSP)

Configure Content Security Policy headers for XSS protection.

📄️ API Rate Limiting Deep Dive

Protect your API from abuse with rate limiting.

📄️ XSS and CSRF Prevention

Protect against Cross-Site Scripting and Cross-Site Request Forgery.

📄️ Security Headers Reference

Complete list of recommended security headers for production deployments.

📄️ JWT Token Management

Deep dive into JWT-based authentication.

📄️ Vulnerability Scanning

Automated security scanning for the Gauzy codebase.

📄️ OAuth2 & Social Auth Flows

Configure social login and OAuth2 authentication.

📄️ Data Encryption

Encryption at rest and in transit for Gauzy deployments.

📄️ GDPR & Compliance

Data protection and regulatory compliance in Ever Gauzy.