juicebox-security-basics

# Juicebox Security Basics ## Overview Juicebox provides AI-powered people search and analysis, processing datasets containing professional profiles, contact enrichment data, and query results. Security concerns include API key protection, GDPR/CCPA compliance for candidate and contact data, data retention policy enforcement, and ensuring enriched contact information (emails, phone numbers) is not leaked through logs or unencrypted storage. A compromised API key grants access to people search and enrichment capabilities. ## API Key Management ```typescript function createJuiceboxClient(): { apiKey: string; baseUrl: string } { const apiKey = process.env.JUICEBOX_API_KEY; if (!apiKey) { throw new Error("Missing JUICEBOX_API_KEY — store in secrets manager, never in code"); } // Juicebox keys access people data — treat as PII-adjacent console.log("Juicebox client initialized (key suffix:", apiKey.slice(-4), ")"); return { apiKey, baseUrl: "https://api.juicebox.ai/v1" }; } ``` ## Webhook Signature Verification ```typescript import crypto from "crypto"; import { Request, Response, NextFunction } from "express"; function verifyJuiceboxWebhook(req: Request, res: Response, next: NextFunction): void { const signature = req.headers["x-juicebox-signature"] as string; const secret = process.env.JUICEBOX_WEBHOOK_SECRET!; const expected = crypto.createHmac("sha256", secret).update(req.body).digest("hex"); if (!signature || !crypto.timingSafeEqual(Buffer.from(sign...