At NetHunt CRM, the security of your data is our top priority. When you set up integrations via API or connect AI agents (such as Claude or ChatGPT) using MCP (Model Context Protocol), you can be confident that every interaction is strictly protected.
In this article, we will provide a clear and detailed overview of the technologies that protect your CRM system from unauthorized access and data breaches.
Traffic Encryption and Token Transmission
All data exchanged between your services and NetHunt CRM is transmitted in an encrypted format.
HTTPS Only: We support only secure HTTPS connections. Any attempts to send unencrypted traffic are automatically blocked.
Token Protection in Headers: Access tokens are accepted only through the dedicated
Authorizationheader. NetHunt never accepts or transmits tokens in the request URL, as such links may be unintentionally stored in browser history or system logs.
Reliable Authentication: API Keys and Passwords
We have developed a multi-layered permission verification system to prevent unauthorized individuals from gaining access to your workspace.
Cryptographically Secure API Keys: Our API keys are generated using a specialized random number generator with an entropy level of approximately ~187 bits. It is technically impossible to crack such a key through brute-force attacks.
Strict Validation: Every incoming request undergoes a complete server-side verification process. The system instantly checks whether the key exists, whether it has been revoked, whether the user is active, and whether they have the required permissions to perform the requested action within the workspace.
Account Protection: User passwords stored in the database are hashed using the secure bcrypt algorithm. Additionally, we provide protection against password-guessing attacks: after several unsuccessful login attempts, the account is automatically locked.
Integration with AI Agents (MCP and OAuth 2.1)
Connecting artificial intelligence tools and external automation platforms (such as Claude, ChatGPT, and others) is implemented using the latest OAuth 2.1 security standard.
AI Does Not See Your Password: External agents gain access through the authorization code flow with the mandatory PKCE extension (S256 algorithm).
Temporary Access Tokens: One-time codes are used for authorization. Primary access tokens are valid for only 60 minutes, while refresh tokens are continuously rotated (token rotation), making it impossible for attackers to reuse them.
Full Control Over Connections: You can always view all active MCP integrations in your NetHunt CRM settings. You can revoke access at any time — this triggers the cascading revocation of all associated tokens, and access is terminated immediately.
Data Isolation and Access Permissions
Your data is fully isolated from other NetHunt users at the system level.
Server-Side Control: The workspace is identified by the server exclusively based on a validated token. An attacker cannot manipulate request parameters to “redirect” a token to access someone else’s data.
Field-Level Permission Enforcement: The lower layer of NetHunt’s architecture rechecks user permissions for every request. Through the API, an external service or user can access exactly the same data that the user can see in the standard CRM interface — nothing more.
Network Security and Logging
We have minimized any risks of external interference with our infrastructure.
Operational Logs Only: For privacy reasons, NetHunt never logs request/response bodies or access tokens themselves. System logs contain only the technical metadata required to monitor system stability.
Closed Network Perimeter: Only a clearly defined whitelist of secure endpoints is exposed externally. All internal NetHunt microservices and databases are located within the cluster’s private network and are fully isolated from the outside world.
Haven’t found the answers you’re looking for? Ask our Users Community.
