Security Measures

JourneyApps has been designed with security considerations at its core.

For more information about our approach to security, please refer to the embedded Data Security White Paper below:

Data Security White Paper

Application and Data Security

While JourneyApps takes every measure to make the platform secure, it is the application developer's responsibility to secure the application and integrations. This model is known as SSRM: Shared Security Responsibility Model. JourneyApps is responsible for protecting the platform that runs all the services that a customer makes use of. A customer's responsibility is determined by the components and features of the JourneyApps platform that they make use of. More information is provided below.

Data Security

By default, applications in JourneyApps work on a single-tenant model, where every authenticated user has access to all data in the application. Even if the user does not have the ability to use the application to access data, an app's OnlineDB APIs expose access to all data in the deployment by default.

If greater isolation is required between data for different users, the following is required:

  1. Configure sync rules to specify the data stored offline on devices.

  2. Configure data access control rules to specify the data the user can read and/or modify.

CloudCode and API Security

The application developer must ensure that API tokens are kept secure.

CloudCode web tasks are open to the internet. Each task must implement authentication to avoid unauthorized access. For details, see Trigger CC via HTTP.

Last updated