Python Developer Guide
Other documentationsDemoCommunityGitHub
  • Forest Admin
  • Getting started
    • How it works
    • Quick start
      • Flask
      • Django
    • Create your agent
    • Troubleshooting
    • Migrating legacy agents
      • Pre-requisites
      • Recommendations
      • Migration steps
      • Code transformations
        • API Charts
        • Live Queries
        • Smart Charts
        • Route overrides
        • Smart Actions
        • Smart Fields
        • Smart Relationships
        • Smart Segments
  • Data Sources
    • Getting Started
      • Collection selection
      • Naming conflicts
      • Query interface and Native Queries
        • Fields and projections
        • Filters
        • Aggregations
    • Provided data sources
      • SQLAlchemy
      • Django
        • Polymorphic relationships
    • Write your own
      • Translation strategy
        • Structure declaration
        • Capabilities declaration
        • Read implementation
        • Write implementation
        • Intra-data source Relationships
      • Contribute
  • Agent customization
    • Getting Started
    • Actions
      • Scope and context
      • Result builder
      • Static Forms
      • Widgets in Forms
      • Dynamic Forms
      • Form layout customization
      • Related data invalidation
    • Charts
      • Value
      • Objective
      • Percentage
      • Distribution
      • Leaderboard
      • Time-based
    • Fields
      • Add fields
      • Move, rename and remove fields
      • Override binary field mode
      • Override writing behavior
      • Override filtering behavior
      • Override sorting behavior
      • Validation
    • Hooks
      • Collection hook
      • Collection override
    • Pagination
    • Plugins
      • Write your own
    • Relationships
      • To a single record
      • To multiple records
      • Computed foreign keys
      • Under the hood
    • Search
    • Segments
  • Frontend customization
    • Smart Charts
      • Create a table chart
      • Create a bar chart
      • Create a cohort chart
      • Create a density map
    • Smart Views
      • Create a Map view
      • Create a Calendar view
      • Create a Shipping view
      • Create a Gallery view
      • Create a custom tinder-like validation view
      • Create a custom moderation view
  • Deploying to production
    • Environments
      • Deploy on AWS
      • Deploy on Heroku
      • Deploy on GCP
      • Deploy on Ubuntu
    • Development workflow
    • Using branches
    • Deploying your changes
    • Forest Admin CLI commands
      • init
      • login
      • branch
      • switch
      • set-origin
      • push
      • environments:create
      • environments:reset
      • deploy
  • Under the hood
    • .forestadmin-schema.json
    • Data Model
      • Typing
      • Relationships
    • Security & Privacy
Powered by GitBook
On this page
  • Data Privacy
  • Private by design
  • No third-party vendor tracking
  • Security
  • Tokens
  • IP Whitelisting
  • DMZ & VPN
  • Credentials

Was this helpful?

  1. Under the hood

Security & Privacy

PreviousRelationships

Last updated 3 months ago

Was this helpful?

This is the official documentation of the forestadmin-agent-django and forestadmin-agent-flask Python agents.

Data Privacy

Private by design

When logging into the Forest Admin UI in your browser, you will connect to:

  1. the Forest Admin servers to retrieve the Forest Admin layouts configuration,

  2. the Agent to retrieve your data and populate the Forest Admin UI with it.

As your data is transmitted directly from the Agent hosted on your end and the user browser, it never transits through our servers.

No third-party vendor tracking

Whatever your project plan (free or paying plan), Forest Admin guarantees the respect of data privacy.

In addition, Forest Admin provides an option to completely disable any third-party vendors that could track metadata of your activity available from your browser.

You need to be on a Forest Admin Pro plan ↗ to have access to this feature.

Security

Tokens

The connection to both the Agent and the Forest Admin Servers are protected using 2 different JsonWebTokens signed by 2 different keys:

  1. FOREST_ENV_SECRET to authenticate all requests made to the Forest Admin Servers

  2. FOREST_AUTH_SECRET to authenticate all requests made to the Agent

FOREST_ENV_SECRET is provided by Forest Admin and ensures your Agent interacts with the relevant environment configuration on Forest Admin servers.

FOREST_AUTH_SECRET is chosen freely by you and is unknown by Forest Admin.

Both secrets must never be disclosed to anyone.

The JWT Data Token contains all the details of the requesting user. On any authenticated request to your Agent, you can use that information to implement custom behaviors.

{
  "id": "172",
  "email": "angelicabengtsson@doha2019.com",
  "firstName": "Angelica",
  "lastName": "Bengtsson",
  "team": "Pole Vault",
  "role": "Manager",
  "tags": [{ "key": "country", "value": "Sweden" }],
  "renderingId": "4998",
  "iat": 1569913709,
  "exp": 1571123309
}

IP Whitelisting

The IP whitelisting ↗ feature allows you to create a list of trusted IP addresses or IP ranges from which your admin users can both access to the Forest Admin UI and interact with your Agent.

DMZ & VPN

You're free to host your Agent in the cloud architecture you want to be compliant with your security infrastructure (DMZ, VPN, etc.).

Credentials

We’re already working with companies compliant with the following Industry Standard Certifications.