Last updated: 2026-04-06
Guide

Security & SSO Configuration

Security features for protecting your Dxtra account and organization data.

Role-Based Access Control

Dxtra uses role-based access control (RBAC) to ensure users only have access to the features and data they need. Manage user roles in Settings > Team in the dashboard.

Available Roles

Role                       Description
Owner                      Full administrative access
Admin                      Full feature access
Business Owner             High-level oversight and reporting
Data Protection Officer    Compliance management and audit access
Data Controller            Processing activity and legal basis management
Developer                  API access and integration configuration
Auditor / Regulator        Read-only compliance review access
Agency Reseller            Multi-client management

See Roles and Permissions for detailed permission documentation.

Two-Factor Authentication

Dxtra supports TOTP-based two-factor authentication:

  1. Navigate to Settings in the dashboard
  2. Enable TOTP through security settings
  3. Configure an authenticator app (Google Authenticator, Authy, etc.)
  4. Save backup codes securely

Data Encryption

All data stored in the Dxtra platform is encrypted:

  • At rest -- AES-256 encryption for stored data
  • In transit -- TLS 1.2 or higher for all connections

API Authentication

API access uses JWT-based authentication:

  1. Generate a Personal Access Token (PAT) from Developers in the dashboard
  2. Exchange the PAT for a JWT token via the authentication endpoint
  3. Include the JWT in the Authorization header for API requests

JWT tokens expire after 15 minutes. Refresh tokens are valid for 12 hours.

See API Authentication for details.

Webhook Security

All integration webhooks are secured with multiple layers:

  • DID + DX Key or JWT token -- Organization identification on every request
  • Platform signature verification -- Cryptographic verification (HMAC-SHA256, Stripe signatures, etc.)
  • Payload validation -- Schema validation of incoming webhook bodies

See Webhook Security for details.
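
The three layers above, applied in order on the receiving side, as an added example that is not Dxtra's own code. The header names (X-Org-Id, X-Signature), the secret store and the payload schema are assumptions made for illustration; the real formats are defined in the Webhook Security documentation.

```python
import hashlib
import hmac
import json

# Constructed sample data: per-organization signing secrets keyed by a
# hypothetical organization identifier (stands in for the DID / DX Key lookup).
ORG_SECRETS = {"did:example:org-123": b"constructed-test-secret"}

# Hypothetical payload schema: required field name -> expected type.
SCHEMA = {"event": str, "id": str, "data": dict}


def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 of the raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(headers: dict, body: bytes) -> tuple:
    """Apply the three layers in order; return (accepted, reason)."""
    # Layer 1: identify the organization before touching the payload.
    secret = ORG_SECRETS.get(headers.get("X-Org-Id", ""))
    if secret is None:
        return False, "unknown organization"

    # Layer 2: verify the signature over the raw bytes, in constant time.
    # Both sides are encoded so a non-ASCII header cannot raise TypeError.
    expected = sign(secret, body).encode()
    supplied = headers.get("X-Signature", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "bad signature"

    # Layer 3: parse and validate only after the signature checks out.
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "invalid JSON"
    if not isinstance(payload, dict):
        return False, "invalid schema"
    for field, expected_type in SCHEMA.items():
        if not isinstance(payload.get(field), expected_type):
            return False, f"invalid schema: {field}"
    return True, "ok"
```

The signature is computed over the raw bytes as received; re-serializing the parsed JSON before verifying changes whitespace or key order and causes valid requests to fail.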