Security
Explore the comprehensive security measures implemented by Picsart to safeguard data and ensure the integrity of its APIs.
General
- Encryption: All data transmitted between clients and Picsart's servers uses at least TLS 1.2, so data in transit is encrypted.
- CDN URL Security: Picsart CDN URLs, which host resources, are unique, secure, and inaccessible to web crawlers. They are designed to be complex and resistant to brute-force guessing. Additionally, CDN URLs have a limited lifespan of 24 hours to further reduce exposure.
- API Key Management: API Keys that grant access to backend processing can be changed manually whenever needed, allowing users to rotate keys for improved security.
- Data Storage: Data is stored on encrypted Google Buckets using the AES256 algorithm, ensuring data-at-rest security.
- Third-Party Penetration Tests: Picsart conducts third-party penetration tests twice yearly to identify and address potential vulnerabilities proactively.
- SOC2 Compliance: Picsart is SOC2 compliant and undergoes annual recertification, indicating adherence to stringent security standards.
- Vulnerability Disclosure Program (VDP): Picsart runs a VDP on Hackerone.
API Access Security
- API Key and Secret Management: Developers receive an API Key and Secret when creating an application. The Secret should be used exclusively in backend implementations and never exposed in client-side code to minimize the risk of unauthorized access.
- API Key Provisioning: To guard against unauthorized usage after a key is extracted from client-side code, it is recommended to provision a new API Key every month. This practice limits the window in which an exposed key can be misused. The rotation sequence is:
  - Create a new API Key.
  - Replace the key in your client app.
  - Deploy to production and complete the full rollout.
  - Remove the old API Key.
Picsart Create Editor and the data flow
- Project/Replay File Encryption: Data within Project/Replay files is encrypted, ensuring that access is restricted to the Picsart Create Editor.
Customer responsibilities
- Input and Output Resource URL Security: Customers are encouraged to keep input and output resource URLs accessible only behind a sign-in wall, so that only authenticated users can reach them.
- Resource URL Authorization: Resource URLs should be permanent but protected by a dedicated authorization mechanism; customers are advised to authorize each request through temporary headers that they provide.
- Safelisting Picsart's IP Addresses: To facilitate secure communication, customers should safelist Picsart's IP addresses as specified by their Account Success Manager.
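The two responsibilities above, authorizing a resource URL fetch through a temporary header and restricting callers to safelisted addresses, as an added customer-side example that is not part of Picsart's documentation or SDK. The header name, signing key, token lifetime and IP range are constructed assumptions for the demo.

```python
import hashlib
import hmac
import ipaddress
import time
from typing import Dict, Optional, Tuple

# Constructed demo values (assumptions): replace with the ranges your Account
# Success Manager provides and a key held only on your backend.
PICSART_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3 placeholder
SIGNING_KEY = b"constructed-demo-signing-key"
TOKEN_TTL_SECONDS = 600  # temporary header is valid for ten minutes
AUTH_HEADER = "X-Resource-Authorization"  # assumed header name


def mint_resource_token(resource_path: str, now: Optional[int] = None) -> str:
    """Issue a short-lived token bound to one resource path; the customer passes it
    in the temporary header when handing the permanent resource URL to Picsart."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_TTL_SECONDS
    msg = f"{resource_path}|{expires}".encode()
    sig = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return f"{expires}.{sig}"


def authorize_fetch(resource_path: str, headers: Dict[str, str], client_ip: str,
                    now: Optional[int] = None) -> Tuple[bool, str]:
    """Decide whether an incoming fetch of resource_path may be served.
    Checks the source IP against the safelist, then validates the temporary header."""
    now = int(time.time()) if now is None else now
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "bad-ip"
    if not any(addr in net for net in PICSART_ALLOWLIST):
        return False, "ip-not-allowlisted"
    token = headers.get(AUTH_HEADER, "")
    expires_s, _, sig = token.partition(".")
    if not expires_s.isdigit() or not sig:
        return False, "malformed-token"
    expires = int(expires_s)
    if now >= expires:
        return False, "expired"
    if expires - now > TOKEN_TTL_SECONDS:
        return False, "ttl-too-long"  # refuse tokens minted with a longer-than-policy life
    expected = hmac.new(SIGNING_KEY, f"{resource_path}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return False, "bad-signature"
    return True, "ok"
```

Because the signature covers the resource path, a token issued for one URL cannot be replayed against another, and the IP check runs first so unauthenticated probes from elsewhere are rejected before any token work.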
Upcoming security improvements
Picsart is continually working to enhance security, and upcoming improvements include:
- OAuth2 Integration: The Picsart backend is being developed to work with OAuth2, adding an additional security layer for API access.
- Authorized CDN URLs: Picsart plans to introduce authorized CDN URLs, further strengthening resource access control.
Read more on Security
You can read more on the general terms of security at our Trust Center.