Security FAQs

General

Question: Does the application use unsupported, insecure, or deprecated client-side technologies such as NSAPI plugins, Flash, Shockwave, ActiveX, Silverlight, NACL, or client-side Java applets?

Answer: No. The client-side code is exclusively JavaScript.

Question: Does SnapLogic provide CSRF protection?

Answer: Yes.

Session management

Question: What are the minimum session soft and hard timeouts?

Answer: Environment admins (Org admins) can configure the session timeout and the idle timeout. Both can be set between 5 and 60 minutes.

Question: Is the user prompted to log in once the session has expired?

Answer: Yes.

Question: Is sensitive data removed from the browser/application after the session has expired?

Answer: We do not store sensitive data in the browser.

Question: Does the application support concurrent logins?

Answer: Yes.

Question: Does the application provide a list of logged-in devices / IPs and an option to log a device out?

Answer: Not currently.

Communication protocols

Question: What HTTP protocol version does the SnapLogic Platform use?

Answer: HTTP 1.1.

APIs

Question: Do the application endpoints / APIs have anti-automation controls (i.e., rate-limiting protection/CAPTCHA)?

Answer: Yes. Each Org has a concurrent and daily API limit. Any request over the limit receives an HTTP 429 response.