Going beyond our already intuitive and agile product suite, we present to you the building blocks kit to make it more bespoke for your business. Our APIs and marketplace apps goes through a stringent security testing process before it is published for integrations.

Secure APIs

Multi-tiered data  security model

Secure Product Build

End-to-end security in product lifecycle

RESTful Architecture

A Framework to programatically secure web services

Securing the building blocks

Enable participation in the API economy in a secure manner through Freshworks’ Application Marketplace. 
Accomplished by implementing a strong authentication mechanism on our API calls, dynamic throttling based on API requests and further simplifying security using a robust yet simple RESTful Architecture.

RESTful Architecture

Adoption of an architectural style that simplifies security. Based on the Representational State Transfer Technology, RESTful enables developers to safely expose web services with fine grained modularity breaking the source code into logically atomic components each with its unique security context.RESTful further enables robust authentication powered by standards like OAuth and JWT.  

Defense in depth using API Gateway

To protect the authentication tokens in transit, the APIs terminate in the gateway (HA Proxy) only on endpoints that accepts  HTTPS over TLS.
OAuth2 is used to authorize all API requests to the target API gateway, without exposing the components deeper in the platform such as Relational Databases and Business logic engines.

Vulnerability Management

All apps that are to be published in Marketplace go through a code review where they are vetted for code quality, correctness, and security.

Securing API requests

Webtokens are further used to secure JSON and HTTPS based transmission for secure  assertion of identity claims between two applications. This addresses Key entropy, latency, reduced attack surface and improves traceability.

API throttling

The number of API calls is throttled (Rate limited) to mitigate application layer DDOS and Brute Force attacks.

API Lifecycle Security

With Security embedded in the API lifecycle, Freshworks provides framework  for developers to create, control, consume our APIs and deprecate their apps. The framework enables serverless computing for developers enabling auto scaling, mitigate obsolescence yet be oblivious about the compute and storage requirements underneath.