Docxpresso user interface is developed over Symfony/Doctrine frameworks and ORM taht already incorporate all standard security procedures against common attacks as code injection or XSS.
Docxpresso may run, if needed, over a Secure Socket Layer (https) so all communications may be encrypted by standard industry protocols.
The backoffice interface is protected by user and password with the standard security measures (encoded passwords, etcetera) that may be enhanced by installation over the https protocol.
All documents and interfaces that are of public access are protected by Hash Message Access Protocol (HMAC) with up to five security levels:
- Level 0: public access granted.
- Level 1: APIKEY required. The APIKEY is generated out of all the request parameters (template id and options), a timestamp, a custom unique id and a secret private key.
- Level 1.5: the same as level 1 but with customizable expiring timestamps (default 24 hours).
- Level 2: The APIKEY expires after its first use so it works as one time token validator.
- Level 2.5: The APIKEY expires after its first use or by a customizable expiring timestamp whatever happens first: so it can only be used once and for a limited period of time.
In principle you do not need to worry for the details because they are taken into account either by Docxpresso configuration or for external calls by the Docxpresso SDK.