
Security Settings

Apiboost keeps private data protected using granular access layers.

Security Basics

Apiboost keeps your portal secure through a series of access checks and inherited permissions. Users have internal roles, and separate controls granted to them by access groups. The portal’s content security policy (CSP) is entirely configurable to suit the needs of your organization and keep data safe.


Role-Based Access Control for Internal Users

The first layer of user access granularity is the RBAC for the CMS itself. Everyone who visits the website has an explicit role associated with them. Your admins, product owners, etc. exist as site staff with specific access to Apiboost functionality. A regular, “authenticated” user is given some basic permissions such as viewing restricted products or posting in the forums. The same goes for anonymous users who aren’t logged in, who may be able to view a forum thread since those are public, but not post without registering.


Access Groups

As we previously covered, teams have their own internal hierarchy of access controls. What about the teams themselves, though? A team isn’t a user that can be given a role, and even if it could, roles operate at the macro level, paying more attention to the content types than the actual content. For this reason, Apiboost uses Access Groups to administer permissions related to specific product nodes. That way, access to a private product can easily be granted to both teams and individual developers.


Content Security Policy (CSP)

Apiboost uses Security Kit for Drupal to administer CSP. Click here to learn more.

The Security Kit module is a suite of configs that let admins define their own layer of site security for Apiboost. It mitigates many risks involving cross-site scripting (XSS), cross-site request forgery (CSRF) and clickjacking. To access Security Kit, visit:

Configuration → System → Security Kit settings

Security Kit in Drupal

Check out the specification page for more information on configuring content security policy.
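
After saving a policy in Security Kit, it is worth checking what the portal actually sends. The following is an added example, not Apiboost or Security Kit code: a small Python audit of a Content-Security-Policy header value against the XSS and clickjacking risks mentioned above. The function names, finding codes and the two sample policies are constructed for illustration.

```python
# Added example: audits a CSP header value. Sample policies below are constructed.
HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
BROAD_SOURCES = {"*", "http:", "https:", "data:"}


def parse_csp(value):
    """Parse a policy into {directive: [sources]}; the first duplicate wins, as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_csp(value, x_frame_options=None):
    """Return a list of finding codes for one Content-Security-Policy value."""
    policy = parse_csp(value)
    findings = []
    # script-src falls back to default-src when it is absent.
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        findings.append("scripts-unrestricted")
    else:
        scripts = [s.lower() for s in scripts]  # keywords are case-insensitive
        # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
        strict = any(s.startswith(HASH_PREFIXES) for s in scripts)
        if "'unsafe-inline'" in scripts and not strict:
            findings.append("inline-script-allowed")
        if "'unsafe-eval'" in scripts:
            findings.append("eval-allowed")
        if BROAD_SOURCES & set(scripts):
            findings.append("broad-script-source")
    # frame-ancestors and base-uri do NOT fall back to default-src.
    framing_ok = (x_frame_options or "").strip().upper() in {"DENY", "SAMEORIGIN"}
    if "frame-ancestors" not in policy and not framing_ok:
        findings.append("framing-unrestricted")
    if "base-uri" not in policy:
        findings.append("base-uri-missing")
    return findings


WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"
HARDENED = ("default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
            "object-src 'none'; base-uri 'self'; frame-ancestors 'self'")

if __name__ == "__main__":
    for name, value in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_csp(value))
```

To audit a live portal, pass the header value copied from the browser's network panel to `audit_csp`, along with the `X-Frame-Options` value if one is sent.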

Keep your data secure by configuring access controls and updating them regularly as needed.
