How is MindBridge securing my data?

MindBridge secures your data through:
  • Access through API tokens (bearer tokens)
  • Encryption
  • Rate limiting and prevention of distributed denial-of-service (DDoS) attacks
  • Leveraging existing security measures to maintain ISO 27001 and SOC 2 Type 2 compliance

What kind of permissions can be applied to each token?

Each token has scoped access options for specific areas of MindBridge and permitted actions within those areas. Examples include:
  • api.organizations.read — Grants read access to organizations
  • api.organizations.write — Grants write access to organizations
  • api.tasks.write — Grants write access to tasks
  • api.engagements.delete — Grants delete access to engagements

Can tokens be revoked or re-issued?

Tokens can be deleted at any time. While tokens can be renewed, this action does not re-use the existing token, but instead copies the existing settings into a new token.

Can users be deactivated after they have been granted access to the API?

App Admins can delete tokens within the application.

How are permissions configured?

App Admins can set specific permissions for each token based on user roles, allowing certain aspects of the API to be accessible to some users while restricted for others. Note: Tokens must be stored securely.
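
An added example (not MindBridge code) of a least-privilege review over the scoped permissions described above: it compares the scopes each token holds with the scopes its integration actually uses. The token names and inventory are constructed sample data, and treating every action other than `read` as data-modifying is an assumption.

```python
# Added example: least-privilege review of token scopes.
# Token names and the inventory below are constructed sample data; only the
# scope strings follow the examples given on this page.

def parse_scope(scope):
    """Split 'api.<area>.<action>' into (area, action)."""
    parts = scope.split(".")
    if len(parts) != 3 or parts[0] != "api" or not all(parts):
        raise ValueError(f"unexpected scope format: {scope!r}")
    return parts[1], parts[2]

def audit_token(granted, required):
    """Return scopes granted beyond need, and those needed but absent."""
    for s in list(granted) + list(required):
        parse_scope(s)  # fail closed on malformed entries
    excess = sorted(set(granted) - set(required))
    missing = sorted(set(required) - set(granted))
    # Assumption: any action other than 'read' can change or remove data.
    mutating = [s for s in excess if parse_scope(s)[1] != "read"]
    return {"excess": excess, "missing": missing, "mutating_excess": mutating}

# Constructed inventory: what each token holds vs. what its integration uses.
INVENTORY = {
    "reporting-dashboard": {
        "granted": ["api.organizations.read", "api.organizations.write",
                    "api.engagements.delete"],
        "required": ["api.organizations.read"],
    },
    "task-runner": {
        "granted": ["api.tasks.write"],
        "required": ["api.tasks.write"],
    },
}

def review(inventory):
    """Audit every token; keep only those with something to fix."""
    findings = {}
    for name, t in inventory.items():
        result = audit_token(t["granted"], t["required"])
        if result["excess"] or result["missing"]:
            findings[name] = result
    return findings

if __name__ == "__main__":
    for name, result in review(INVENTORY).items():
        print(name, result)
```

Tokens flagged with `mutating_excess` are the ones to renew with a narrower scope set first, since renewal copies settings into a new token.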