Security

Explore the comprehensive security measures implemented by Picsart to safeguard data and ensure the integrity of its APIs.

General

  • Encryption: All data transmitted between clients and Picsart's servers use at least the TLS1.2 protocol, ensuring data in transit is encrypted and secure.
  • CDN URL Security: Picsart CDN URLs, which host resources, are unique, secure, and inaccessible to web crawlers. They are designed to be complex and resistant to brute-force attacks. Additionally, CDN URLs have a limited lifespan of 24 hours to enhance Security.
  • API Key Management: API Keys that provide access to the backend processing can be changed manually whenever needed, allowing users to rotate keys for enhanced Security.
  • Data Storage: Data is stored on encrypted Google Buckets using the AES256 algorithm, ensuring data-at-rest security.
  • Third-Party Penetration Tests: Picsart conducts third-party penetration tests twice yearly to identify and address potential vulnerabilities proactively.
  • SOC2 Compliance: Picsart is SOC2 compliant and undergoes annual recertification, indicating adherence to stringent security standards.
  • Vulnerability Disclosure Program (VDP): Picsart runs a VDP on Hackerone.

API Access Security

  • API Key and Secret Management: Developers receive an API Key and Secret when creating an application. The Secret should be used exclusively in backend implementations and never exposed in client-side code to minimize the risk of unauthorized access.
  • API Key Provisioning: To safeguard against unauthorized usage due to key extraction from client-side code, it is recommended to provision a new API Key every month. This practice limits the potential misuse of exposed keys.
    • Create a new API Key.
    • Replace the key in your client app.
    • Go to production, and do full rollout.
    • Remove the old API Key.

Picsart Create Editor and the data flow

  • Project/Replay File Encryption: Data within Project/Replay files is encrypted, ensuring that access is restricted to the Picsart Create Editor.

Customer responsibilities

  • Input and Output Resource URL Security: Customers are encouraged to ensure that input and output resource URLs are accessible only behind a sign-in wall, limiting access to authenticated users.
  • Resource URL Authorization: Resource URLs should be permanent but accessible through a special authorization system, and customers are advised to perform URL authorization through temporary headers provided by them.
  • Safelisting Picsart's IP Addresses: To facilitate secure communication, customers should whitelist Picsart's IP addresses, as their Account Success Manager specified.

Upcoming security improvements

Picsart is continually working to enhance Security, and upcoming improvements include:

  • OAuth2 Integration: Picsart backend is being developed to work with OAuth2, adding an additional security layer for API access.
  • Authorized CDN URLs: Picsart plans to introduce authorized ones, further strengthening resource access control.

Read more on Security

You can read more on the general terms of Security at our Trust Center.