Q/ Does a webpage's raw data get submitted to Crownpeak through API call? A/ Yes. A json response with the list of errors found on the page is returned.
Q/ Is there a need to download the list of rules and validation to run on the AEM? A/ No.
Q/ Are the submitted raw data stored at Crownpeak's side before it is processed? A/ Yes, retention policy is 2 days.
Q/ What are the checks / security procedures in place to safeguard the webpage content? A/ The data is transferred securely over HTTPS and it is stored as plain text. The use of the AEM plugin is initiated by the user. If they are publishing data of an extremely confidential nature they can choose not to use the plugin.
Q/ How are the API keys secured at Crownpeak's side? A/ The keys are issued by AWS Amazon API Gateway and stored in our database, in which only authorised Crownpeak operational personnel have access to the database
Q/ What happens if an API key is compromised? A/ The key will be revoked in AWS Amazon API Gateway and a new API key will be issued from within the Crownpeak DQM platform, in which only authorised operational personnel have the rights to issue new API keys.
Q/ What are the checks / security procedures in place to safeguard the API keys? A/ The API key usage is reviewed periodically. Any abnormal and/or unexpected usage is raised with the client. In real terms, a compromised API key would only enable someone to submit content and then scan that content for errors.