WOZTELL Security Overview

WOZTELL deploys an extensive set of security and data protection measures to meet your security requirements, without sacrificing flexibility & usability in your bot building journey.

WOZTELL Infrastructure Overview

WOZTELL Infrastructure

Identity Management

WOZTELL makes sure the right people get the right access to different functions and information. We start with a strong security foundation at user account creation, using 2FA and strong passwords, and extend it to assigning roles and permissions to address identity security challenges.

  • Two-factor authentication
  • Strong password requirement
  • Session management
  • WOZTELL app provisioning
  • Role-based user access control

Data Protection

WOZTELL's backend encrypts Data-at-rest using AES-256 and Data-in-transit using TLS v1.2. Apart from that, there are a variety of tools to provide further control on data protection.

  • Enterprise Backend Key Management (Enterprise & Dedicated Cloud only)
  • Audit trail
  • Developer backend log
  • Channel & integration management
  • API & bot access token management

Information Governance

Each company governs its data differently. WOZTELL offers enterprises the flexibility to devise their own governance and risk management strategy, without compromising the bot building experience.

  • Global data retention policies
  • Data exports
  • Custom terms of service (Enterprise & Dedicated Cloud only)

Webhooks

A WOZTELL webhook receiver requires a valid HTTPS/TLS certificate.

For validation purposes, every webhook event comes with a signature in the "X-Woztell-Signature" header. Each webhook event can be validated using the following method.

  1. Using the HMAC-SHA256 algorithm with the channel secret as the secret key, compute the digest for the request body.

  2. Confirm that the Base64-encoded digest matches the signature in the X-Woztell-Signature request header.
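The two steps above, as an added Python example (not WOZTELL's own code). It assumes the channel secret is used as its UTF-8 bytes and that the digest covers the raw request body exactly as received; the function names, secret and payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not real WOZTELL data.
SECRET = "constructed-channel-secret"
BODY = b'{"type":"example","text":"hello"}'
# Same JSON content, but re-serialized: the bytes differ (added spaces).
RESERIALIZED = json.dumps(json.loads(BODY)).encode("utf-8")


def _digest(raw_body: bytes, channel_secret: str) -> bytes:
    # Assumption: the secret string is keyed in as UTF-8 bytes.
    key = channel_secret.encode("utf-8")
    return hmac.new(key, raw_body, hashlib.sha256).digest()


def compute_signature(raw_body: bytes, channel_secret: str) -> str:
    """Step 1: Base64-encoded HMAC-SHA256 digest of the request body."""
    return base64.b64encode(_digest(raw_body, channel_secret)).decode("ascii")


def verify_webhook(raw_body: bytes, signature_header, channel_secret: str) -> bool:
    """Step 2: check the X-Woztell-Signature header value; fail closed."""
    if not signature_header:
        return False  # header missing or empty
    try:
        received = base64.b64decode(signature_header.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False  # header is not valid Base64
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_digest(raw_body, channel_secret), received)


if __name__ == "__main__":
    sig = compute_signature(BODY, SECRET)
    print("raw body accepted:      ", verify_webhook(BODY, sig, SECRET))
    print("re-serialized accepted: ", verify_webhook(RESERIALIZED, sig, SECRET))
    print("missing header accepted:", verify_webhook(BODY, None, SECRET))
```

Verify against the raw bytes read from the request before any JSON parsing; a body that has been parsed and re-serialized will generally not reproduce the same digest.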

Open API

To use WOZTELL's Open API, a scoped access token is required. The obtained token cannot gain access to the data of another app.

Please refer to access token for the procedures.

Bot API

A valid HTTPS/TLS certificate is provided for calling WOZTELL's Bot API.