Security around "Downloadurl" from WFM API response

Kush · June 26, 2023, 5:11am

WFM APIs like : Agent Schedule, Headcount Forecast , Historical Adherence etc provide "downloadurl" in the JSON response. Few questions around the this link:1. download URL is in the AWS.S3 domain. How does it ensure Data privacy/security.? meaining one customer data is not viewed/sent to another customer ? 2. Do we keep all customers data/link in same table/store? If so, how do you ensure , there are no data breach?2. Download url provided have no security as these are from AWS.S3 bucket. How do you ensure that, these are neither intercepted/ingested or misused over the network.
Business Impact
Security Architecture review is in progress and to complete the review and signoff, we need above detaiuls on priority.

I had raised ticket# https://genesyspartner.force.com/customercare/apex/CaseDetail?id=5004X00001q00XBand as per their direction, I have raised ticket in developers foprum

brian.trezise · June 26, 2023, 1:51pm

This question would be best addressed by your CSM or TAM for specifics, but at a high level:

The URLs have a relatively short expiration time, they're not good forever. Once the link expires, you have to request a new link to access the data in question
All api responses are encrypted by TLS, which guarantees against data interception/man in the middle attacks
Signed URLs only provide direct access to a single dedicated object that is created specifically for the request. Any attempt to change the resource in the path to gain access to something else will be rejected (If the url doesn't match exactly what was signed, the GET request will be rejected).

More information on signed URLs can be found here:

system · July 26, 2023, 1:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.