MERFi Admin Support Hub

Admin Guide | Security Overview | Micro Call Center Guide | Contact

< All Topics
Print

Software Notes

  • User authentication is done using JSON Web Tokens (JWTs) that are verified by server on each request
  • JWTs are digitally signed using HMAC SHA-256 to prevent forging
  • JWTs come with short expiration dates and need to be refreshed regularly during a user session.
  • JWTs are required for all secured server queries
  • API calls are limited by user role authorization; user clients without proper roles cannot attempt API calls
  • No Trust” policy with user interface code; back-end servers do not depend on client for any security
  • WebRTC calls are encrypted on an end-to-end level