Vectice Docs

Sessions

Cookies

Cookies are small pieces of data that websites store in your browser. They are used to remember information about you, such as your login credentials and preferences. Vectice secures its cookies with the HttpOnly, Secure, and SameSite attributes.

HttpOnly

This attribute restricts access to the cookie's content. With HttpOnly enabled, scripts running on a webpage (like JavaScript) cannot access the cookie's value. This is important because malicious scripts could potentially steal cookie data if it were accessible through JavaScript.

Secure

This attribute ensures the cookie is only transmitted over HTTPS connections. Regular HTTP connections are unencrypted, making them vulnerable to eavesdropping. By setting the Secure attribute, the cookie is only sent when the browser communicates with the website over a secure HTTPS connection.

SameSite

This attribute controls whether the browser sends the cookie with requests that originate from the same website or from different websites.
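To check that a deployment actually sets the three attributes described above, the Set-Cookie response headers can be audited. The following is an added example, not Vectice code; the cookie names and header values are constructed samples.

```python
# Added example: audit Set-Cookie header values for HttpOnly, Secure, SameSite.
REQUIRED_FLAGS = {"httponly": "HttpOnly", "secure": "Secure"}
VALID_SAMESITE = ("strict", "lax", "none")


def audit_set_cookie(header_value):
    """Return a list of findings for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()

    findings = []
    for flag, label in REQUIRED_FLAGS.items():
        if flag not in attrs:
            findings.append(f"{name}: missing {label}")

    samesite = attrs.get("samesite", "").lower()
    if samesite not in VALID_SAMESITE:
        findings.append(f"{name}: SameSite missing or invalid")
    elif samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append(f"{name}: SameSite=None requires Secure")
    return findings


def audit_all(headers):
    """Audit several Set-Cookie values and return all findings."""
    return [f for h in headers for f in audit_set_cookie(h)]


# Constructed sample headers (not captured from a Vectice instance).
SAMPLE_HEADERS = [
    "SESSION_ID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "tracking=xyz; Path=/; SameSite=None",
    "prefs=dark; Path=/; Secure",
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_HEADERS):
        print(finding)
```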

Session timeout

Vectice uses Keycloak to manage session timeouts and protect your account. Keycloak enforces the following limits, and the value of each parameter can be customized to match your needs:

  • Idle session: Expires after inactivity to prevent unauthorized access on unattended devices.

  • Maximum session lifespan: Enforces a session expiration regardless of activity for added security.

  • Access token lifespan: Limits the validity of tokens used by applications to minimize risk from breaches.
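How the three limits interact is easiest to see on a timeline. The following is an added example, a simplified model and not Keycloak's or Vectice's code: the dictionary keys are Keycloak realm setting names, the values in seconds are constructed rather than Vectice defaults, and the model assumes every request counts as activity.

```python
# Added example: simplified model of idle, maximum-lifespan and token limits.
REALM_LIMITS = {
    "ssoSessionIdleTimeout": 30 * 60,       # idle session
    "ssoSessionMaxLifespan": 10 * 60 * 60,  # maximum session lifespan
    "accessTokenLifespan": 5 * 60,          # access token lifespan
}


def session_state(login_at, last_activity_at, token_issued_at, now,
                  limits=REALM_LIMITS):
    """Classify a session at time `now` (all times in seconds)."""
    if now - login_at >= limits["ssoSessionMaxLifespan"]:
        return "expired: maximum session lifespan"
    if now - last_activity_at >= limits["ssoSessionIdleTimeout"]:
        return "expired: idle session"
    if now - token_issued_at >= limits["accessTokenLifespan"]:
        return "active: access token expired, refresh required"
    return "active"


def replay(login_at, request_times, limits=REALM_LIMITS):
    """Replay requests in order and record the session state at each one."""
    last_activity = token_issued = login_at
    states = []
    for now in request_times:
        state = session_state(login_at, last_activity, token_issued, now, limits)
        states.append((now, state))
        if state.startswith("expired"):
            break  # the user has to log in again
        last_activity = now
        if "refresh" in state:
            token_issued = now  # a new access token is issued on refresh
    return states


if __name__ == "__main__":
    # Constructed timelines: one with a long pause, one with steady activity.
    for now, state in replay(0, [120, 400, 2100, 4000, 36500]):
        print(now, state)
    print(replay(0, range(1500, 37500, 1500))[-1])
```

Steady activity keeps the idle timer from firing, but the session still ends when the maximum lifespan is reached.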

API keys

API keys are secret credentials applications use to access resources on your behalf. Here's how we ensure their security:

  • Deactivation: Disable compromised or unused API keys to regain control and prevent access.

  • Storage: On the Vectice side, API keys are signed using the HMAC algorithm before being stored in the database.

  • Security best practices:

    • Rotation: Regularly rotate your API keys to minimize the risk associated with a compromised key remaining active for an extended period. Think of it like changing your passwords – it reduces the window of vulnerability.

    • Store securely: Never share your API keys publicly or store them in plain text. Use secure methods like password managers for safekeeping. Treat them like valuable keys to your digital resources.
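The storage, deactivation and rotation points above can be illustrated with a small key store that keeps only an HMAC digest of each key. This is an added example, not Vectice's implementation: HMAC-SHA256, the `key_id.secret` key format, the in-memory dictionary and the `ApiKeyStore` class are all assumptions made for illustration.

```python
# Added example: keep an HMAC digest of each API key, never the key itself.
import hashlib
import hmac
import secrets


class ApiKeyStore:
    def __init__(self, server_secret: bytes):
        self._secret = server_secret  # held server-side, outside the database
        self._records = {}            # key_id -> {"digest": str, "active": bool}

    def _digest(self, api_key: str) -> str:
        return hmac.new(self._secret, api_key.encode(), hashlib.sha256).hexdigest()

    def issue(self) -> str:
        """Create a key, store only its digest, return the key once."""
        key_id = secrets.token_hex(4)
        api_key = f"{key_id}.{secrets.token_urlsafe(32)}"
        self._records[key_id] = {"digest": self._digest(api_key), "active": True}
        return api_key

    def verify(self, presented: str) -> bool:
        record = self._records.get(presented.split(".", 1)[0])
        if record is None or not record["active"]:
            return False
        # Constant-time comparison avoids leaking digest prefixes via timing.
        return hmac.compare_digest(record["digest"], self._digest(presented))

    def deactivate(self, key_id: str) -> None:
        if key_id in self._records:
            self._records[key_id]["active"] = False

    def rotate(self, old_key: str) -> str:
        """Deactivate the old key and issue a replacement."""
        self.deactivate(old_key.split(".", 1)[0])
        return self.issue()


if __name__ == "__main__":
    store = ApiKeyStore(b"constructed-demo-secret")  # constructed value
    key = store.issue()
    print(store.verify(key))   # True while the key is active
    new_key = store.rotate(key)
    print(store.verify(key), store.verify(new_key))  # False True
```

A copy of the stored records alone does not yield a usable key, and a deactivated or rotated key stops verifying immediately.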


Last updated 1 year ago
