# Security & Privacy

{% hint style="success" %}
This is the official documentation of the `@forestadmin/agent` Node.js agent.
{% endhint %}

## Data Privacy

### Private by design

When logging into the **Forest Admin UI** in your browser, you will connect to:

1. the **Forest Admin servers** to retrieve the **Forest Admin layouts configuration**,
2. the **Agent** to retrieve your **data** and populate the Forest Admin UI with it.

{% hint style="success" %}
Because your data is transmitted directly between the Agent hosted on your end and the user's browser, **it never transits through our servers**.
{% endhint %}

![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-a89c389c851b3589e97f5113585e3c0456896089%2Fsecurity-privacy-architecture.png?alt=media)

### No third-party vendor tracking

{% hint style="success" %}
Whatever your project plan (free or paid), Forest Admin guarantees that data privacy is respected.
{% endhint %}

In addition, Forest Admin provides an option to completely disable any third-party vendors that could track the activity metadata available from your browser.

{% hint style="info" %}
You need to be on a [Forest Admin Pro plan](https://www.forestadmin.com/pricing) to have access to this feature.
{% endhint %}

![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-c4a220793ddad97134914afd4e8eef39e2a934da%2Fsecurity-privacy-no-3rd-party.png?alt=media)

## Security

### Tokens

Connections to the **Agent** and to the **Forest Admin Servers** are protected using two different JSON Web Tokens (JWTs), each signed with a different key:

1. `FOREST_ENV_SECRET` to authenticate all requests made to the **Forest Admin Servers**
2. `FOREST_AUTH_SECRET` to authenticate all requests made to the **Agent**

![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-021f9294f4b74977b0b412f410c8e1b8984c94bd%2Fsecurity-privacy-jwt.png?alt=media)

{% hint style="warning" %}
`FOREST_ENV_SECRET` is provided by Forest Admin and ensures your Agent interacts with the relevant environment configuration on Forest Admin servers.

`FOREST_AUTH_SECRET` is chosen freely by you and is unknown to Forest Admin.

Both secrets must never be disclosed to anyone.
{% endhint %}

The JWT Data Token contains all the details of the requesting user. On any authenticated request to your Agent, you can use that information to implement custom behaviors.

```json
{
  "id": "172",
  "email": "angelicabengtsson@doha2019.com",
  "firstName": "Angelica",
  "lastName": "Bengtsson",
  "team": "Pole Vault",
  "role": "Manager",
  "tags": [{ "key": "country", "value": "Sweden" }],
  "renderingId": "4998",
  "iat": 1569913709,
  "exp": 1571123309
}
```
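An added example (not Forest Admin's code, and not needed for normal use since the Agent authenticates requests itself) showing what a check against `FOREST_AUTH_SECRET` involves before the claims above can be trusted. It assumes HS256 signing, which this page does not state; `signToken`, `verifyDataToken`, `isManagerOf` and the `SAMPLE_*` values are hypothetical names and constructed data.

```javascript
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');
const fromB64url = (text) => JSON.parse(Buffer.from(text, 'base64url').toString('utf8'));

// Helper for the demo only: builds an HS256 token from constructed data.
function signToken(header, payload, secret) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${crypto.createHmac('sha256', secret).update(input).digest('base64url')}`;
}

// Returns the verified claims, or throws. HS256 is an assumption (see lead-in).
function verifyDataToken(token, authSecret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  let header;
  try { header = fromB64url(h); } catch { throw new Error('malformed token'); }
  // Pin the algorithm on the verifier side; never let the header select it.
  if (!header || header.alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = crypto.createHmac('sha256', authSecret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = fromB64url(p); // parsed only after the signature checks out
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('token expired');
  return claims;
}

// Hypothetical custom behavior: only managers of a given team may proceed.
const isManagerOf = (claims, team) => claims.role === 'Manager' && claims.team === team;

// Constructed sample: placeholder secret, claims copied from the payload above.
const SAMPLE_SECRET = 'constructed-placeholder-secret';
const SAMPLE_CLAIMS = {
  id: '172', email: 'angelicabengtsson@doha2019.com', team: 'Pole Vault',
  role: 'Manager', renderingId: '4998', iat: 1569913709, exp: 1571123309,
};
const SAMPLE_TOKEN = signToken({ alg: 'HS256', typ: 'JWT' }, SAMPLE_CLAIMS, SAMPLE_SECRET);
const SAMPLE_NOW = 1570000000; // a time between iat and exp

const verified = verifyDataToken(SAMPLE_TOKEN, SAMPLE_SECRET, SAMPLE_NOW);
console.log(verified.email, isManagerOf(verified, 'Pole Vault'));
```

Because the role and team are read only after the signature and expiry checks pass, a payload edited in transit is rejected before any authorization decision is made.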

### IP Whitelisting

The [IP whitelisting](https://docs.forestadmin.com/user-guide/project-settings/security-tab#ip-whitelisting) feature allows you to create a list of trusted IP addresses or IP ranges from which your admin users can both access the **Forest Admin UI** and interact with your **Agent**.

![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-6a8dc1b740c1d7c2d96da63874e5c1ff05356485%2Fsecurity-privacy-ip-whitelist.png?alt=media)

### DMZ & VPN

You're free to host your **Agent** in whatever cloud architecture you need in order to comply with your security infrastructure (DMZ, VPN, etc.).

![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-2d1076c9f16fca5172b970e79973964e728b3ab2%2Fsecurity-privacy-dmz-vpn.png?alt=media)

### Credentials

We're already working with companies that are compliant with the following industry-standard certifications.

![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-2a963971480a67c50e34054812f75448c043567e%2Fsecurity-privacy-credentials.png?alt=media)


