Security model

This page summarizes how Intello protects your org’s data and secrets when you use the product (and when you connect Slack, email, etc.). It’s written for anyone doing a security review—not only API integrators.

Tenant isolation

  • Every persisted resource carries an org_id. HTTP handlers resolve the caller’s org from the database-backed user record, not from client-supplied identifiers.
  • Store queries use org-scoped methods (GetByIDForOrg, etc.) so cross-tenant reads fail closed with 404 rather than leaking existence.
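The following is an added illustration of the two rules above, not Intello's own code: an in-memory store whose lookup is org-scoped (the method name GetByIDForOrg is taken from this page; the Spec type, the token-to-user map and the sample rows are constructed for the example) and an HTTP handler that resolves the caller's org from the stored user record while deliberately ignoring any org_id the client sends. Both "no such row" and "row belongs to another org" collapse into the same 404, so a probe cannot learn that a resource exists.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ErrNotFound is returned for both "no such row" and "row belongs to another
// org" so a cross-tenant probe cannot distinguish the two cases.
var ErrNotFound = errors.New("not found")

// Spec is a hypothetical persisted resource; every row carries an OrgID.
type Spec struct {
	ID    string
	OrgID string
	Title string
}

// Store is a constructed in-memory stand-in for the database.
type Store struct {
	specs map[string]Spec
}

// GetByIDForOrg scopes the lookup by org. A mismatch fails closed with the
// same error as a missing row.
func (s *Store) GetByIDForOrg(id, orgID string) (Spec, error) {
	sp, ok := s.specs[id]
	if !ok || sp.OrgID != orgID {
		return Spec{}, ErrNotFound
	}
	return sp, nil
}

// User is the database-backed record the handler trusts for org resolution.
type User struct {
	ID    string
	OrgID string
}

// Handler resolves the caller's org from the authenticated user record, never
// from a client-supplied org parameter.
type Handler struct {
	store *Store
	users map[string]User // Authorization header value -> user (hypothetical session lookup)
}

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	u, ok := h.users[r.Header.Get("Authorization")]
	if !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	// Any ?org_id= supplied by the client is deliberately ignored.
	sp, err := h.store.GetByIDForOrg(r.URL.Query().Get("id"), u.OrgID)
	if errors.Is(err, ErrNotFound) {
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	fmt.Fprintf(w, "%s", sp.Title)
}

// newFixture builds constructed sample data: two orgs, one spec each, and
// one authenticated user who belongs to org-1.
func newFixture() *Handler {
	st := &Store{specs: map[string]Spec{
		"spec-a": {ID: "spec-a", OrgID: "org-1", Title: "billing-api"},
		"spec-b": {ID: "spec-b", OrgID: "org-2", Title: "payments-api"},
	}}
	return &Handler{store: st, users: map[string]User{
		"Bearer tok-alice": {ID: "alice", OrgID: "org-1"},
	}}
}

// fetch issues a request as the given token, including a client-claimed
// org_id, and returns the HTTP status code.
func fetch(h *Handler, token, specID, claimedOrg string) int {
	req := httptest.NewRequest("GET", "/api/specs?id="+specID+"&org_id="+claimedOrg, nil)
	req.Header.Set("Authorization", token)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := newFixture()
	fmt.Println(fetch(h, "Bearer tok-alice", "spec-a", "org-1"))   // own org
	fmt.Println(fetch(h, "Bearer tok-alice", "spec-b", "org-2"))   // other org, claim ignored
	fmt.Println(fetch(h, "Bearer tok-alice", "spec-zzz", "org-1")) // missing row, same answer
}
```

The point to check in a review is that the handler never reads org_id from the query string, path or body: the claimed org in the second request is simply not consulted, and the response is identical to the one for a row that does not exist.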

Authentication

  • The web app signs you in via Supabase; the browser stores the session Intello needs.
  • Direct HTTP API calls use the same identity as a Bearer token; see Authentication if you automate.

SSRF defenses

Spec fetchers validate URLs before connect and re-validate after DNS resolution to mitigate DNS rebinding. Blocked classes include private IP ranges, link-local addresses, and cloud metadata hosts.

Customer impact: you cannot point BYO dependencies at internal-only URLs unless you expose them through a public, validated edge.
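The two-stage check described above (validate the URL before connecting, then re-validate the address the dialer actually connects to) can be implemented in Go as follows. This is an added example rather than Intello's fetcher; the denied ranges, the hostname list and the redirect limit are assumptions chosen for the illustration. The post-resolution hook uses net.Dialer's Control callback, which receives the concrete ip:port after DNS resolution, so a hostname that looked public at validation time but resolves to a private address is still refused.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"syscall"
	"time"
)

var errBlocked = errors.New("destination blocked by SSRF policy")

// Denied ranges (assumed policy): unspecified, loopback, RFC 1918, CGNAT,
// link-local (which includes the 169.254.169.254 metadata address), IPv6 ULA
// and IPv6 link-local.
var blockedCIDRs = mustCIDRs("0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10",
	"127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
	"::/128", "::1/128", "fc00::/7", "fe80::/10")

func mustCIDRs(specs ...string) []*net.IPNet {
	out := make([]*net.IPNet, 0, len(specs))
	for _, s := range specs {
		_, n, err := net.ParseCIDR(s)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

// blockedIP unmaps IPv4-mapped IPv6 (::ffff:10.0.0.1) first so that form
// cannot slip past the IPv4 entries.
func blockedIP(ip net.IP) bool {
	if v4 := ip.To4(); v4 != nil {
		ip = v4
	}
	for _, n := range blockedCIDRs {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// validateURL is the pre-connect check: http(s) only, no loopback or
// metadata hostnames, and a literal IP host must not be in a denied range.
func validateURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	if host == "" || host == "localhost" || strings.HasSuffix(host, ".localhost") ||
		host == "metadata.google.internal" {
		return errBlocked
	}
	if ip := net.ParseIP(host); ip != nil && blockedIP(ip) {
		return errBlocked
	}
	return nil
}

// checkDialAddress is the post-resolution check. The dialer passes the exact
// ip:port it is about to connect to, so a hostname that passed validateURL
// but resolves to a private address (DNS rebinding) is still refused.
func checkDialAddress(address string) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(host); ip == nil || blockedIP(ip) {
		return errBlocked
	}
	return nil
}

// newSafeClient wires both checks into an http.Client; redirect targets are
// re-validated because a public URL may 302 to an internal one.
func newSafeClient() *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second,
		Control: func(_, address string, _ syscall.RawConn) error {
			return checkDialAddress(address)
		}}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 5 {
				return errors.New("too many redirects")
			}
			return validateURL(req.URL.String())
		},
	}
}

func main() {
	fmt.Println(validateURL("http://169.254.169.254/latest/meta-data/"))
	_ = newSafeClient()
}
```

Note that an address with an IPv6 zone (fe80::1%eth0) does not parse as an IP and is therefore refused as well: the dial-time check fails closed on anything it cannot classify.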

Secret storage

OAuth tokens, webhook URLs, and PagerDuty routing keys are stored encrypted at rest (AES-256-GCM envelope). API JSON still appears as plaintext to authorized callers—encryption is transparent in the ORM layer.
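To make the "AES-256-GCM envelope" phrase concrete, here is an added example of the pattern in Go. It is not Intello's implementation: the column layout, the additional-authenticated-data string and the fixed key-encryption key (KEK) are constructed for the illustration, and in a real deployment the KEK would come from a KMS or HSM. Each stored secret gets its own random data-encryption key (DEK); the DEK is sealed under the KEK, and the row's org_id, table and column are bound in as AAD so a ciphertext copied into another org's row fails authentication instead of decrypting.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Envelope is the at-rest form of one secret column. Rotating the KEK only
// requires re-wrapping DEKs, not re-encrypting every secret.
type Envelope struct {
	WrappedDEK []byte // DEK sealed under the KEK (GCM nonce prepended)
	Sealed     []byte // plaintext sealed under the DEK (GCM nonce prepended)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealWith prepends a fresh random nonce to the GCM ciphertext.
func sealWith(key, plaintext, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...), nil
}

func openWith(key, sealed, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// aadFor binds a ciphertext to its row and column (constructed format).
func aadFor(orgID, table, column string) []byte {
	return []byte(orgID + "|" + table + "|" + column)
}

// EncryptSecret generates a DEK, seals the plaintext under it, then wraps the
// DEK under the KEK. The KEK never touches the per-row payload directly.
func EncryptSecret(kek, plaintext, aad []byte) (Envelope, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return Envelope{}, err
	}
	sealed, err := sealWith(dek, plaintext, aad)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := sealWith(kek, dek, aad)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedDEK: wrapped, Sealed: sealed}, nil
}

// DecryptSecret unwraps the DEK and opens the payload. Any bit flip or AAD
// mismatch surfaces as an error, never as garbage plaintext.
func DecryptSecret(kek []byte, env Envelope, aad []byte) ([]byte, error) {
	dek, err := openWith(kek, env.WrappedDEK, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return openWith(dek, env.Sealed, aad)
}

func main() {
	kek := bytes.Repeat([]byte{0x42}, 32) // constructed; in production from a KMS/HSM
	aad := aadFor("org-1", "integrations", "slack_token")
	env, _ := EncryptSecret(kek, []byte("constructed-token-value"), aad)
	pt, err := DecryptSecret(kek, env, aad)
	fmt.Println(string(pt), err)
}
```

This is also why the API can return the plaintext to an authorized caller while the database only ever holds the envelope: the ORM-layer decrypt runs with the KEK in process memory, and a database dump without the KEK yields nothing usable.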

Logging hygiene

Operational logs emphasize server-generated identifiers (UUIDs, job ids). User-controlled URLs and secrets must not appear verbatim in client-facing error strings—APIs return generic messages while detailed causes stay in server logs.

Chat and email safety

  • Slack output escapes mrkdwn metacharacters and defangs mass mentions.
  • Email and Teams templates escape HTML to prevent injection.
  • SMTP headers derived from user display names pass through header injection sanitization.
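The three bullets above describe output encoding for three different sinks. As an added example (not Intello's templating code), the Go functions below show one way to implement each: the three mrkdwn escapes Slack documents (& < >) plus a zero-width space inserted into @channel/@here/@everyone, html.EscapeString for HTML templates, and control-character stripping before a display name is placed in an SMTP header. The sample inputs are constructed.

```go
package main

import (
	"fmt"
	"html"
	"net/mail"
	"regexp"
	"strings"
	"unicode"
)

// escapeMrkdwn applies Slack's three required escapes. Done before any
// formatting is added, user text can never open a <!channel>, <@U...> or
// <http://...|label> control sequence.
func escapeMrkdwn(s string) string {
	return strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;").Replace(s)
}

var massMention = regexp.MustCompile(`(?i)@(channel|here|everyone)\b`)

// defangMassMentions inserts a zero-width space after the @ so the text still
// reads "@channel" to a human but is not parsed as a broadcast mention.
func defangMassMentions(s string) string {
	return massMention.ReplaceAllStringFunc(s, func(m string) string {
		return "@\u200b" + m[1:]
	})
}

// slackSafe is the combined transform for untrusted text (spec titles,
// commit messages, display names) before interpolation into a message.
func slackSafe(s string) string {
	return defangMassMentions(escapeMrkdwn(s))
}

// htmlSafe is what an email or Teams template helper applies to each value.
func htmlSafe(s string) string {
	return html.EscapeString(s)
}

// sanitizeHeaderText removes CR, LF and other control characters so a display
// name containing a line break cannot introduce additional SMTP headers.
func sanitizeHeaderText(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1
		}
		return r
	}, s)
}

// fromHeader builds an RFC 5322 From value. net/mail quotes or RFC 2047-encodes
// the name as needed; sanitizeHeaderText has already removed line breaks.
func fromHeader(displayName, addr string) string {
	a := mail.Address{Name: sanitizeHeaderText(displayName), Address: addr}
	return a.String()
}

func main() {
	fmt.Println(slackSafe("<!channel> & @here look"))
	fmt.Println(htmlSafe(`<img onerror="x">`))
	fmt.Println(fromHeader("Alice\r\nBcc: someone@example.com", "noreply@example.com"))
}
```

The mrkdwn escape and the mention defang are both needed: escaping removes the <!here> control syntax, but a bare @here in message text can still be expanded by Slack depending on how the message is posted, so the zero-width space covers that path.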

Rate limiting & abuse

  • Authenticated API routes enforce per-IP limits suitable for interactive apps.
  • Public auth and marketing endpoints use stricter buckets to reduce brute force and scraping.
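A per-IP token bucket with two policies, as an added example of the "interactive" versus "stricter" buckets described above. It is not Intello's limiter, and the burst and refill numbers are assumptions. The clock is injected so the refill behaviour can be checked without sleeping.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"sync"
	"time"
)

// Policy is a token-bucket shape: Burst tokens, refilled at Rate per second.
type Policy struct {
	Burst float64
	Rate  float64
}

// Constructed policies: a generous interactive bucket for authenticated API
// routes and a tight one for login, signup and marketing endpoints.
var (
	apiPolicy  = Policy{Burst: 100, Rate: 10}
	authPolicy = Policy{Burst: 5, Rate: 0.1}
)

type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter keeps one bucket per client IP.
type Limiter struct {
	mu      sync.Mutex
	policy  Policy
	buckets map[string]*bucket
	now     func() time.Time
}

func NewLimiter(p Policy, now func() time.Time) *Limiter {
	return &Limiter{policy: p, buckets: map[string]*bucket{}, now: now}
}

// Allow refills the caller's bucket for the elapsed time, caps it at Burst,
// and spends one token if one is available.
func (l *Limiter) Allow(ip string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	t := l.now()
	b, ok := l.buckets[ip]
	if !ok {
		b = &bucket{tokens: l.policy.Burst, last: t}
		l.buckets[ip] = b
	}
	b.tokens += t.Sub(b.last).Seconds() * l.policy.Rate
	if b.tokens > l.policy.Burst {
		b.tokens = l.policy.Burst
	}
	b.last = t
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// clientIP uses the TCP peer address. X-Forwarded-For should only be trusted
// when a proxy you control sets it; otherwise a client picks its own bucket.
func clientIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// Middleware answers 429 when the bucket for the peer IP is empty.
func (l *Limiter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !l.Allow(clientIP(r)) {
			w.Header().Set("Retry-After", "1")
			http.Error(w, "rate limited", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	l := NewLimiter(authPolicy, time.Now)
	for i := 0; i < 6; i++ {
		fmt.Println(l.Allow("203.0.113.9")) // five true, then false
	}
	_ = NewLimiter(apiPolicy, time.Now)
}
```

With authPolicy a single address gets five attempts and then one more every ten seconds, which is what makes online password guessing against the auth endpoints slow; the api bucket is two orders of magnitude looser so a dashboard polling several resources is never throttled.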

Browser security headers

/api responses ship security headers (HSTS, CSP, frame denial, nosniff, Referrer-Policy, restrictive Permissions-Policy). Don’t embed Intello API responses in frames across origins.
