Security
Private procurement data, protected by layered controls.
Security Posture
IndNetGlobal is designed for B2B teams that need public supplier discovery and private operational control in the same platform. Security is applied across identity, organization scoping, request validation, auditability, and deployment configuration.
Account Protection
JWT authentication, refresh token handling, password policy checks, session revocation, device records, and optional two-factor authentication support secure user access.
Organization Isolation
Private procurement records are scoped by organization membership and authorization checks so sensitive BOM, inquiry, quote, approval, and document data stays controlled.
Rate Limiting and Abuse Controls
API throttling, validation pipes, request body limits, CORS allowlists, and structured exception handling reduce abuse and noisy failure modes.
Secure Web Defaults
Security headers, content-type protection, frame blocking, referrer limits, permissions policy, upload cache rules, and production secret validation are enabled by default.
Audit and Traceability
Operational events, login history, suspicious activity signals, approvals, documents, and account actions are designed to leave traceable records for business review.
Responsible Data Handling
The platform separates public marketplace information from private workspace data and avoids publishing sensitive business records without user intent.
Deployment Checklist
Production JWT secrets must be configured through environment variables.
OAuth providers remain disabled until real provider credentials are supplied.
Payment providers are shown only when live configuration exists.
Generated supplier and product records are no longer seeded.
Workspace pages are excluded from public search indexing.
Private API access requires authenticated and authorized users.