Admin Access & Permissions

Get answers to questions on Admin Access and Permissions

Updated over 2 weeks ago

Q: Can an organisation's IT services team receive administrative rights on the Xoxoday platform?

Xoxoday is delivered as a fully managed Software-as-a-Service (SaaS) solution. Therefore, core administrative rights—such as server-level access, codebase modification, or backend control—are retained by Xoxoday to ensure platform integrity, security, and compliance. However, client IT teams are empowered with administrative capabilities within the platform interface. These include user management, role-based access control, SSO configurations, API integrations, and brand customizations. This model ensures secure control for clients while maintaining a standardized, stable environment.

Q: Does your solution provide administration for access management of the APIs, and what protocols are used for authentication and authorization?

Xoxoday’s product suite provides centralized administration for API access management through its technical support channel, ensuring controlled provisioning, monitoring, and revocation of API access as needed. The platform employs a combination of industry-standard authentication, authorization, and security protocols to safeguard API interactions and maintain data integrity.

Key points:

  • Access Management: API access and administrative changes are provisioned and managed exclusively via Xoxoday’s technical support team.

  • Authentication & Authorization Protocols:

    • OAuth 2.0 for secure, delegated access.

    • JWT (JSON Web Tokens) for token-based authentication and secure session handling.

  • Access Controls: Role-Based Access Control (RBAC) with fine-grained permissions to restrict access to authorized users and resources.

  • Data Security:

    • TLS 1.2+ encryption for all API communications.

    • API rate limiting to prevent abuse.

    • Multi-Factor Authentication (MFA) where required for added security.

  • Compliance Alignment: All API security measures adhere to ISO/IEC 27001:2022 and SOC 2 Type 2 standards, ensuring enterprise-grade protection.