Security

Enterprise-grade security for Pinterest automation

MegaToolBox protects sessions, tokens, forms, users, uploads, queues, and publishing logs with layered security controls.

Encryption

Pinterest access and refresh tokens are encrypted at rest using the application encryption key.

OAuth

Official OAuth connection flow supports reconnect, disconnect, health state, and token expiry monitoring.

HTTPS

Production deployments should run behind HTTPS with secure cookies and strict browser security headers.

Password hashing

User passwords are stored with PHP password_hash and verified with password_verify.

CSRF

All POST forms use server-side CSRF tokens to reduce forged form submissions.

Rate limiting

Login, register, contact, and sensitive actions use rate-limit records to reduce brute force abuse.

Token encryption

Token values are never displayed in full and should only be accessed by the OAuth and publisher services.

Audit logs

Security, login, API, cron, publishing, and error events are logged for investigation.