Reference
Security
Understand tenant isolation, encryption, sessions, collector keys, CSP and production controls.
Purpose
Wadyu security is based on tenant isolation, Microsoft SSO, encrypted secrets, restrictive headers, audit logs and a minimal collector surface.
Practical workflow
After each production change, check in order: the health endpoint, PM2 process status, Nginx configuration syntax, the API log, the worker log, the SSO start redirect, and one customer-scoped API route, once without a session (it must be rejected) and once with a valid session (it must return the scoped data).
Controls and validation
Verify that ports 3000 and 3306 listen on loopback only and are not reachable from outside the host, that the Content-Security-Policy is restrictive (no bare wildcard, no 'unsafe-inline' or 'unsafe-eval' for scripts, no plain http: sources), and that the production allowed-origin list contains no development URLs (localhost, 127.0.0.1, plain http://).
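The post-change workflow and the port/CSP/origin controls above, as one added script (example code, not part of Wadyu). The health and SSO start paths, the customer route, the PM2 process names (api, worker), the CORS_ORIGINS variable and the sample ss output are assumptions; replace them with the real deployment's values. The text checks are plain functions so they can be run offline against captured output; the live checks only run when the script is invoked with `run`.

```shell
#!/usr/bin/env bash
# Added example, not Wadyu code: URL paths, PM2 process names, env var names and
# the sample data are assumptions; replace them with the real deployment's values.
set -eu

# ---- offline checks: pure text functions, testable without a host ----

# Reads `ss -Hltn` output on stdin and prints each 3000/3306 listener whose local
# address is not loopback. Exit status 0 means at least one listener is exposed.
exposed_listeners() {
  awk '{ print $4 }' | grep -E ':(3000|3306)$' \
    | grep -vE '^(127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\]|::1):'
}
ports_not_exposed() { ! exposed_listeners >/dev/null; }

# Prints the source list of one CSP directive ($2) from a CSP header value ($1).
# Browsers honour the first occurrence of a directive, so head -n1 mirrors that.
csp_directive() {
  printf '%s' "$1" | tr ';' '\n' | sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}//p" | head -n1
}

# Restrictive here means: a default-src exists, and neither default-src nor the
# effective script-src allows a bare wildcard, unsafe-inline/eval, data: or http:.
# style-src is deliberately not inspected; 'unsafe-inline' there is a separate call.
csp_is_restrictive() {
  csp_default=$(csp_directive "$1" default-src)
  [ -n "$csp_default" ] || return 1
  csp_script=$(csp_directive "$1" script-src)
  [ -n "$csp_script" ] || csp_script=$csp_default   # script-src falls back to default-src
  # pattern match on a space-padded string avoids word splitting and globbing of '*'
  case " $csp_default $csp_script " in
    *" * "*|*" 'unsafe-inline' "*|*" 'unsafe-eval' "*|*" data: "*|*" http: "*) return 1 ;;
  esac
  return 0
}

# Takes a comma-separated allowed-origins list; fails on any development-looking entry.
origins_are_production() {
  case ",$(printf '%s' "$1" | tr -d ' ')," in
    *,http://*|*localhost*|*127.0.0.1*|*::1*|*:3000,*|*:3000/*) return 1 ;;
  esac
  return 0
}

# ---- live checks: run on the production host after each change (`$0 run`) ----
post_change_checks() {
  api=${API_BASE:-https://portal.example.com}        # assumed host
  cust=${CUSTOMER_ID:?set to a customer id your session may read}
  sess=${SESSION_COOKIE:?set to a valid session cookie, e.g. 'sid=...'}

  curl -fsS "$api/health" >/dev/null                 # health endpoint (path assumed)
  pm2 describe api >/dev/null && pm2 describe worker >/dev/null   # process names assumed
  sudo nginx -t
  for proc in api worker; do                         # recent log lines free of errors
    if pm2 logs "$proc" --lines 50 --nostream | grep -qiE 'error|unhandled'; then
      echo "$proc log shows errors"; return 1
    fi
  done

  # SSO start must redirect to Microsoft, not render a page or fail (path assumed)
  curl -sI "$api/auth/sso/start" | tr -d '\r' \
    | grep -qiE '^location: https://login\.microsoftonline\.com/' || { echo "SSO start broken"; return 1; }

  # A customer-scoped route must answer 401 without a session and 200 with one
  route="$api/api/customers/$cust/devices"           # route assumed
  code=$(curl -s -o /dev/null -w '%{http_code}' "$route")
  [ "$code" = 401 ] || { echo "unauthenticated request got $code"; return 1; }
  code=$(curl -s -o /dev/null -w '%{http_code}' -H "Cookie: $sess" "$route")
  [ "$code" = 200 ] || { echo "scoped request got $code"; return 1; }

  ss -Hltn | ports_not_exposed || { echo "3000/3306 reachable beyond loopback"; return 1; }
  csp=$(curl -sI "$api/" | tr -d '\r' | grep -i '^content-security-policy:' | cut -d' ' -f2- || true)
  csp_is_restrictive "$csp" || { echo "CSP not restrictive: $csp"; return 1; }
  origins_are_production "${CORS_ORIGINS:-}" || { echo "dev URL in CORS_ORIGINS"; return 1; }  # env name assumed
  echo "all post-change checks passed"
}

# Constructed sample of `ss -Hltn` output: API on loopback only, MySQL bound to all interfaces.
SS_SAMPLE='LISTEN 0 511 127.0.0.1:3000 0.0.0.0:* users:(("node",pid=1234,fd=20))
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=999,fd=25))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=42,fd=6))'

if [ "${1:-}" = run ]; then post_change_checks; fi
```

Run it as `API_BASE=... CUSTOMER_ID=... SESSION_COOKIE=... ./post_change_checks.sh run` on the host; the offline functions can also be fed captured `ss` output or a copied header value to review a change before it is deployed. The 401-then-200 pair on the scoped route is the part most worth keeping: it proves the API, not the UI, is doing the scope check.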
Security and compliance
Client secrets, Graph tokens, MSAL caches, webhooks and collector keys must never appear in documentation, screenshots, exports or support messages; redact them before sharing any log or configuration output.
Common mistakes
Do not rely on the frontend for access control: hiding a button or a route in the UI does not protect the data behind it. The API must enforce MSP/customer scope and permissions on every request, including requests from authenticated users of another tenant.