Overview

file share overview klavi adheres to the following core principles to ensure secure and efficient data exchange bidirectional flexibility "sharing" is defined as either a proactive push or an authorized pull balanced architecture we evaluate every integration based on a trade off between security, compliance, automation, and operational complexity security best practices we prioritize short lived tokens and controlled interfaces over long term credential sharing to minimize the attack surface integration patterns due to klavi's infrastructure being hosted on aws, you may choose one of the following two patterns based on your organization's infrastructure 1 push pattern (klavi → partner) in this pattern, the data provider actively(klavi) pushes files into the requester's environment docid\ qnkgfbhanlocwufnzgt1c direct upload to an s3 bucket in a different account using iam roles docid\ elmfm6hdvfwq5duwidutn secure, keyless authentication for pushing files to google cloud storage docid\ orvacs95qct7kvbfo8ysg sas url can be compared to aws s3's pre signed url, but it is more flexible in terms of permission control the above different patterns are all based on the data provider's (klavi) infrastructure being aws 2\ pull pattern (klavi ← partner) in this pattern, the requester retrieves files from the provider’s environment using pre authorized access docid\ q9dnlqainwoddg83l7 k temporary, time limited urls that grant secure access to specific objects without requiring iam credentials docid\ gqpngh4ohbtwupk5jddka a traditional, robust method for transferring files over a secure data stream for detailed integration guides and architecture references, please consult the platform specific documentation