Smart file malware and anomaly scanning

Security controls built into the product flow

ViroVanta is not positioned as a marketing shell over an open file upload. The workspace is designed around authenticated access, ownership-scoped data, and controlled processing paths.

Key points

  • Authenticated routes are tied to the signed-in account
  • Sensitive API responses are marked no-store
  • Operational actions are separated from guest access

Identity first

Access controls

Authenticated account routes

Report history, notifications, API key management, analytics, and workspace actions require authenticated access.

Ownership-scoped data

User-facing report and analytics retrieval is tied to the authenticated account rather than broad shared access.

Admin route separation

Administrative actions are separated from standard user flows and require elevated authorization.

Request handling

API protections

Rate-limited auth and lookup routes

Authentication and account-adjacent endpoints use dedicated rate limits to reduce abuse pressure.

Sensitive response caching disabled

Authenticated and security-sensitive responses are marked no-store to avoid unintended browser or proxy retention.

Bearer-only interactive account actions

Interactive account operations such as notifications and API key management are restricted to bearer-authenticated sessions.

Scaling posture

Operational security direction

Background queue processing

Queued scan execution keeps uploads and processing decoupled so workloads can be handled more safely under load.

Persistent report records

User history and analytics are stored persistently so decision records are tied back to the account that initiated them.

Storage and worker isolation roadmap

The platform is structured to keep improving storage, worker isolation, and scanning boundaries as the service scales.

Next step

Review the product in a real secure flow

Use the public scan for evaluation or open an account to see how reports, notifications, and ownership controls behave together.