How the Platform restricts access to our data?

We need to be assured that Platform can restrict access to our data, and is only used by our users. How will this be accomplished?

Our Platform is a multi-tenant system. Each project data is isolated and direct access is needed to work with the project data. There are 2 APIs for working with users' data of a project:

• User API - this API is included into SDK and is useful in application client side. User API gives a user access to his data only. The key to data access is the "access token". Each user device should be registered in the project and get a unique "access token" (POST/user/login).

  SDK uses the device keychain to save the "access token" from theft.

• Partner API - this API is used to manage all project data. This API is used in our Platform Console and can be used for any integration with your systems. Access the Partner API is implemented by login and password (POST/partner/login). Where: the login is the Project ID, the password is the project Private Key. The Private Key can be found in the Settings of your project. Only the project members can see this Private Key and have access to the project data. To manage the project members, see the following document:

pageMember