Going beyond our already intuitive and agile product suite, we present to you the building blocks kit to make it more bespoke for your business. Our APIs and marketplace apps goes through a stringent security testing process before it is published for integrations.
Multi-tiered data security model
End-to-end security in product lifecycle
A Framework to programatically secure web services
Enable participation in the API economy in a secure manner through Freshworks’ Application Marketplace.
Accomplished by implementing a strong authentication mechanism on our API calls, dynamic throttling based on API requests and further simplifying security using a robust yet simple RESTful Architecture.
Adoption of an architectural style that simplifies security. Based on the Representational State Transfer Technology, RESTful enables developers to safely expose web services with fine grained modularity breaking the source code into logically atomic components each with its unique security context.RESTful further enables robust authentication powered by standards like OAuth and JWT.
To protect the authentication tokens in transit, the APIs terminate in the gateway (HA Proxy) only on endpoints that accepts HTTPS over TLS.
OAuth2 is used to authorize all API requests to the target API gateway, without exposing the components deeper in the platform such as Relational Databases and Business logic engines.
All apps that are to be published in Marketplace go through a code review where they are vetted for code quality, correctness, and security.
Webtokens are further used to secure JSON and HTTPS based transmission for secure assertion of identity claims between two applications. This addresses Key entropy, latency, reduced attack surface and improves traceability.
The number of API calls is throttled (Rate limited) to mitigate application layer DDOS and Brute Force attacks.
With Security embedded in the API lifecycle, Freshworks provides framework for developers to create, control, consume our APIs and deprecate their apps. The framework enables serverless computing for developers enabling auto scaling, mitigate obsolescence yet be oblivious about the compute and storage requirements underneath.