> ## Documentation Index
> Fetch the complete documentation index at: https://docs.trueparser.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security and Hardening

> Tenant-facing security guidance for authentication, app isolation, and platform protection.

TrueParser is designed so tenant applications authenticate securely, stay isolated from each other, and operate within platform protection controls.

This page focuses on the parts of security that matter to tenant developers and operators.

## 1. Authentication

Tenant applications use machine-to-machine authentication.

### M2M Access

* tenant apps authenticate with `client_id` and `client_secret`
* M2M access uses OAuth 2.0 `client_credentials`
* the API scope for tenant apps is `TrueParser.API`
* access tokens are short-lived and currently configured for 15 minutes

### Token Renewal For M2M

For tenant-facing M2M usage, treat token renewal as re-authentication with the app credentials.

* request a new access token using `client_id` and `client_secret`
* cache and reuse access tokens until they are close to expiry

<Tip>
  A 15-minute access token should not be a bottleneck if your backend reuses the
  token and renews it close to expiry instead of requesting a new token for
  every API call.
</Tip>

## 2. App Isolation

Each tenant app is an isolated machine identity.

* every app has its own `client_id` and `client_secret`
* apps can be enabled or disabled independently
* apps carry their own license region and usage metadata
* plan assignment is tracked per app

This means one app can be rotated, disabled, or reconfigured without affecting other apps in the same tenant.

## 3. Allowed Domains

Apps can store up to three allowed domains as security metadata.

Typical usage:

| Slot               | Recommended Use                                 |
| :----------------- | :---------------------------------------------- |
| `allowed_domain_1` | Production, for example `myapp.com`             |
| `allowed_domain_2` | Staging, for example `staging.myapp.com`        |
| `allowed_domain_3` | Local development, for example `localhost:3000` |

Allowed domains are normalized before storage.

* protocols are stripped
* trailing slashes are removed
* wildcards are rejected
* `localhost` with a valid port is allowed

When configured, these values are included in the app's access token as claims.

## 4. Plan And Usage Protection

Plans control the usage entitlements attached to an app.

* if no plan is assigned, the app can still obtain a token, but the `entitlements` claim is omitted
* if a usable plan is assigned, the token includes usage entitlements
* if a retired plan is assigned, token issuance is blocked

For tenant-facing docs, usage should be understood as **Document Units**.

## 5. Platform Protection

TrueParser protects the platform with runtime and traffic controls.

### Rate Limiting

Rate limiting helps protect sensitive endpoints from abuse and accidental overload.

* authentication and other sensitive endpoints are protected by request limits
* clients should avoid unnecessary token requests
* clients should reuse access tokens until renewal is needed

### Resource Guard

TrueParser also monitors runtime resource pressure to protect platform stability.

* the platform monitors service health and resource pressure
* during overload conditions, requests may be slowed, deferred, or rejected
* this helps preserve stability for all tenants sharing the platform

## 6. Credential Handling

Treat the app secret as a sensitive backend credential.

* the plaintext `client_secret` is shown once when the app is created
* if the secret is regenerated, the new plaintext secret is shown once for that regeneration event
* regenerating a secret invalidates the old one
* store secrets in your own secure secret manager

## 7. Auditability

Security-sensitive operations should be treated as operational events.

* tenant and app lifecycle changes affect access behavior
* credential rotation and plan changes should be tracked in your own operational process
* if access behavior changes unexpectedly, verify app status, tenant status, plan status, and secret validity first
