Security

Security for broadband operations

How ISPAgents handles security and data: tenant isolation, TLS and session integrity, role-based access, approvals, audit trails, scoped connector secrets, responsible disclosure, and data handling for ISP operations.

Explore platform

Access changes need proof

Billing-driven suspension, RADIUS policy changes, router updates, and CPE commands affect real subscribers. Every customer-impacting action moves through preview, approval, audit, and rollback — nothing changes a live device or a bill silently.

  • Change preview before apply
  • Approval workflows
  • Immutable audit trail
  • One-click rollback evidence

Tenant isolation by design

Each ISP workspace runs in its own isolated database namespace. The tenant is resolved from the request before authentication runs, so operators only ever query their own subscribers, devices, billing, and audit history — there is no shared cross-tenant data path.

  • Isolated database per tenant
  • Tenant context resolved first
  • No cross-tenant queries
  • Per-tenant audit history

Encryption and session integrity

All application and API traffic is served over TLS. Browser sessions use HttpOnly, Secure cookies that fail closed when tampered with, and machine clients authenticate with scoped service keys rather than shared logins.

  • TLS for all traffic
  • HttpOnly + Secure session cookies
  • Fail-closed session validation
  • Scoped per-service API keys

Least privilege and role-based access

Every management route is gated by role-based access control. Operators get only the permissions their role requires, and sensitive actions require an explicit approval step before they reach a device or a subscriber bill.

  • RBAC on every management route
  • Role-scoped permissions
  • Approval gate on sensitive actions
  • Service-to-service authentication

Connector secrets stay controlled

MikroTik, RADIUS, UISP, Splynx, payment, SMS, and WhatsApp connectors run on scoped, server-side credentials that are never exposed to the browser. Connector health is monitored so a failing or revoked credential is visible, not silent.

  • Scoped, server-side credentials
  • Never exposed to the frontend
  • Connector health monitoring
  • Failure and revocation visibility

Responsible disclosure and data handling

Found a vulnerability? Report it privately and we will work with you on a fix and a timeline. We run on managed cloud infrastructure and keep subprocessors limited to what operations require — payments, messaging, and email delivery. Data-processing terms, export, and deletion are available on request.

  • Private vulnerability reporting
  • Limited, operational subprocessors
  • Data-processing terms on request
  • Data export and deletion on request
Report a vulnerability: security@ispagents.com