# Security Overview

## **Introduction**

DotApparel is a leading SaaS application that integrates ERP systems with Shopify and other leading platforms, offering a robust, scalable solution for Apparel21 retailers. Security and data integrity are paramount to us, and the platform is built on Google Firebase's comprehensive suite of tools, including Auth, Functions, Hosting, and Firestore. This overview outlines the security measures and protocols we use to protect our users.

## **Secure Authentication**

DotApparel utilises Firebase Auth to manage user sessions and authentication, supporting various methods, including email and password, third-party providers, and phone authentication.

**Key features include:**

* SSL/TLS Encryption: All authentication activities are conducted over secure connections.
* OAuth 2.0 and OpenID Connect: Standard practices for third-party authentication.
* Token Management: Securely generated and managed tokens for authenticated sessions.

## **Serverless Architecture**

Leveraging Firebase Functions for serverless compute ensures secure, scalable, and efficient backend code execution. Key features include:

* Isolation: Each function operates in its own isolated environment to minimise unauthorised access.
* Automatic Scaling: Ensures performance under any load, enhancing reliability and security.
* Integrated Security: Functions work seamlessly with Firebase Auth and Firestore Security Rules.

## **Cloud Hosting**

Firebase Hosting provides fast, secure, and reliable web hosting with a global CDN, automatic SSL certificate provisioning, and HTTP/2 support. Key features include:

* SSL by Default: Ensures all content served over the web is encrypted.
* Secure Deployment: Integrated with Cloud Build for secure and automated deployments.

## Realtime Database

Firestore, a flexible and scalable database, includes security features for fine-grained access control. Key features include:

* Security Rules: Configurable read/write access to collections and documents.
* Data Encryption: Data is encrypted in transit and at rest for confidentiality.
* Audit Logs: Integration with Google Cloud's operations suite for monitoring and auditing.

## Apparel21 Integration

DotApparel integrates securely with Apparel21 ERP through its Retail API, implementing the following measures:

* Static IP and Whitelisted Access: Configured static IP addresses and whitelisted access for authorised connections.
* VPN for Developer Access: Regulated developer access via VPN for additional security.
* Encryption and Authentication: Industry-standard protocols like TLS ensure data security during transmission, with robust authentication mechanisms in place.

## Shopify Integration

DotApparel ensures a secure integration with Shopify through the Shopify Admin API, adhering to best practices:

* Access to Shopify Admin API: Secure storage of access tokens for explicit authorisation.
* Rate Limiting and Monitoring: Adherence to API rate limits and continuous monitoring for risk mitigation.
* Shopify App and Platform Security: Compliance with Shopify's requirements, including OAuth 2.0 for authentication and adherence to data handling and privacy standards.

