Connect Security

TROPIKAL Connect is default-deny. A connected website exposes no business objects until a local admin grants access.

Setup Security

The normal setup flow is one-click from the local admin screen. You do not copy private credentials, signing keys, or endpoint credentials into the Website dashboard.

Your browser receives safe status only. Private setup state stays server-side.

Data Access

Connect integrations discover possible business objects, but discovery does not grant access. An admin must choose Read, Write, or Delete per object.

Read access returns only approved fields. Write access accepts only approved fields. Delete access must be granted separately.

Request Signing

Tropikal calls connected websites with short-lived signed server-to-server requests. The signature binds the request method, path, query, timestamp, nonce, body hash, and installation identifier.

Old requests, replayed requests, modified bodies, wrong paths, wrong queries, unknown installations, and disabled grants are rejected.
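The rejection rules above, as an added example of how a connected website could verify such a request. This is not Tropikal's own code: the HMAC-SHA256 algorithm, the newline-joined canonical string, the 300-second freshness window, and the installation records are assumptions, since the page does not specify the wire format.

```python
import hashlib
import hmac
import time

# Constructed installation registry: per-installation shared secret plus
# whether the local admin's grant is still enabled. Values are placeholders.
INSTALLATIONS = {
    "inst_demo_001": {"secret": b"example-shared-secret", "enabled": True},
    "inst_demo_002": {"secret": b"another-example-secret", "enabled": False},
}
MAX_AGE_SECONDS = 300          # assumed freshness window
_seen_nonces = set()           # (installation_id, nonce); use a TTL store in production


def canonical_string(method, path, query, timestamp, nonce, body, installation_id):
    """Bind every field the page lists; the body enters as its SHA-256 hash."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, query, str(timestamp),
                      nonce, body_hash, installation_id])


def sign(secret, method, path, query, timestamp, nonce, body, installation_id):
    msg = canonical_string(method, path, query, timestamp, nonce, body, installation_id)
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


def verify(method, path, query, timestamp, nonce, body, installation_id, signature, now=None):
    """Return (ok, reason). Each rejection reason maps to one rule from the page."""
    now = time.time() if now is None else now
    inst = INSTALLATIONS.get(installation_id)
    if inst is None:
        return False, "unknown installation"
    if not inst["enabled"]:
        return False, "grant disabled"
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return False, "stale timestamp"
    expected = sign(inst["secret"], method, path, query, timestamp, nonce, body, installation_id)
    # Constant-time compare; a changed body, path or query changes the expected value.
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    # Record the nonce only after the signature checks out, so unsigned traffic
    # cannot fill the replay cache.
    key = (installation_id, nonce)
    if key in _seen_nonces:
        return False, "replayed nonce"
    _seen_nonces.add(key)
    return True, "ok"


if __name__ == "__main__":
    now = int(time.time())
    body = b'{"id": 7}'
    sig = sign(INSTALLATIONS["inst_demo_001"]["secret"], "POST", "/connect/orders",
               "limit=5", now, "nonce-1", body, "inst_demo_001")
    print(verify("POST", "/connect/orders", "limit=5", now, "nonce-1", body, "inst_demo_001", sig))
    print(verify("POST", "/connect/orders", "limit=5", now, "nonce-1", body, "inst_demo_001", sig))
```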

Browser Safety

Public browser payloads do not include private credentials, server assertions, signing secrets, refresh tokens, or secret-shaped keys.

Expected validation failures return safe, structured messages. Internal errors are logged privately and shown to users as safe troubleshooting messages.

Audit Trail

Connect records important changes and mutations, including grant changes, create, update, delete, disconnect, and revocation. Logs are designed for correlation and review without storing private credentials.