ViaLink

SECURITY

Security Whitepaper

ViaLink is built with data protection and privacy as the top priority. Security is guaranteed end to end — in transit, at rest, and during processing.

Encryption in Transit

TLS 1.3

All API traffic and SDK data transfers are encrypted with TLS 1.3. Anything below TLS 1.2 is rejected.

HTTPS Enforced

Every endpoint accepts HTTPS only, and HTTP requests are redirected with a 301.

Authentication & Access Control

API Key Authentication

Every API call is authenticated with a per-app API Key. Keys are stored hashed with bcrypt and are never exposed in plaintext.

Rate Limiting

Per-IP and per-API-Key request limits block brute-force and DDoS attacks.

CORS Policy

An Origin-based CORS policy ensures that only allowed domains can access the API.

Data Protection

Password Hashing

User passwords are hashed and stored with bcrypt (cost factor 12). Plaintext storage is never used.

Sensitive Data Encryption

Sensitive information such as API Keys and tokens is encrypted at rest with AES-256-GCM.

Data Isolation

In a multi-app environment, data is fully and logically isolated between apps.

Fingerprint Privacy

De-identified Processing

A fingerprint is a hash combining IP, OS, device model, resolution, and more — it cannot identify an individual.

Automatic Expiry (72h TTL)

Fingerprint data is kept in Redis for only 72 hours and is automatically deleted afterward.

Optional IDFA/GAID Collection

Advertising identifiers are collected only with user consent and are used solely for deterministic matching.

Infrastructure Security

Container Isolation

Every service runs in a Docker container under the principle of least privilege.

Network Segmentation

Internal services (DB, Redis) run on a private network with external access blocked.

Automated Monitoring

Health-check failures and abnormal traffic trigger real-time alerts for immediate response.

Logging & Auditing

API Request Logging

Every API call is logged with request/response metadata (excluding payload bodies).

Access History Tracking

Audit logs are kept for key actions such as dashboard logins and link create/update/delete operations.

Log Retention

Audit logs are retained for at least 90 days and can be extended to meet compliance requirements.

Security Inquiries

If you have discovered a security vulnerability or have a security-related question, please reach out below.

help@aresjoy.com