Security & Data Privacy

Apoyo employs robust, enterprise-grade security measures to protect your workspace, your proprietary data, and your customers' interactions. Most of these protections run automatically in the background, ensuring a secure environment without requiring complex configuration on your end.

Key Features

• Domain Whitelisting: Restrict exactly which websites are allowed to load and interact with your AI chat widget.
• Strict File Validation: Prevents malicious file uploads by analyzing the actual file contents (Magic Bytes), not just the file extension.
• Content Sanitization: Automatically strips malicious scripts and HTML from Help Center articles and Feedback posts to prevent Cross-Site Scripting (XSS) attacks.
• Credential Protection: API keys and access tokens (like Slack or Notion tokens) are strictly redacted before data is ever sent to the browser, ensuring your private keys cannot be leaked.
• CSRF Protection: Uses secure, randomly generated nonces in HttpOnly cookies to protect your account during external OAuth connections like Slack and Notion.

How to Use

While most of Apoyo's security features operate silently, you have direct control over where your widget can be deployed.

Securing Your Widget (Allowed Domains)

To prevent bad actors from taking your embed code and putting your bot on their own unauthorized websites, you should set up Allowed Domains:

1. Navigate to the Embed & Install tab in your Apoyo dashboard.
2. Locate the Allowed Domains (Security) field.
3. Enter a comma-separated list of the domains where your widget should operate (e.g., example.com, myapp.io).
4. Once saved, the Apoyo API will explicitly block chat requests and configuration fetches originating from any domain not on this list.

File Security & Magic Bytes

When users or agents upload attachments to the chat, Apoyo doesn't trust the file extension. The system reads the raw file buffer to verify the "Magic Bytes" (the actual file signature). If a user renames a malicious executable to .png or .pdf, Apoyo will detect the spoofed MIME type and block the upload.

Anti-Spam & Rate Limiting

To prevent bot spam, malicious payloads, and quota exhaustion, strict IP-based rate limits protect all public portals:

• Chat: 10 messages per minute.
• Ticketing: 3 support tickets per minute.
• Forum Posting: 10 new feedback posts per minute.
• File Uploads: 5 uploads per minute.

Content Sanitization (XSS Prevention)

If you publish custom HTML in your Help Center articles, Apoyo's backend uses strict sanitization to strip out any potentially dangerous tags (like <script>, <iframe>, or on* event handlers). This ensures your Help Center cannot be used to execute malicious scripts.

Important Notes (or Pro Tips)

• SSRF Protection: When you ask Apoyo to crawl a website or trigger a webhook, the system utilizes Server-Side Request Forgery (SSRF) protection. It will actively block attempts to resolve local networks, private IP addresses (e.g., 192.168.x.x), or localhost, preventing bad actors from probing your internal infrastructure.
• Row Level Security (RLS): Your database tables are secured using strict Row Level Security policies. This means that at the database level, users and agents can only read or modify data that belongs directly to their authenticated workspace.