June 16th, 2015

SecureForm: API and Auditing Updates for Database Storage

Your web and/or PDF forms can securely delivery data to you in many ways using LuxSci SecureForm.  One of these ways, saving all of your form post data to a hosted database, is now even more useful:

  • Data can be downloaded and/or deleted using LuxSci’s API
  • Row-level Audit trails are now explicitly maintained for access to database-stored data

Form Database Access using the LuxSci API

LuxSci’s API enables SecureForm customers to manage form posts stored to hosted MySQL databases.  In particular, this makes audited access to stored (and encrypted) data simple, does not require any SQL knowledge, and permits you to determine if access is read only or read and delete.

The API commands available include:

  1. Listing information about all or specific SecureForm configurations in your account
  2. Retrieving metadata about the form posts saved.  E.g. # of posts, first and last row index, first and last date/time posted, etc.  This metadata query makes synchronization a snap.
  3. Retrieve the complete contents of one or many rows (up to 500 at a time).
    1. Works seamlessly, even if the row-data is encrypted at rest in your database.
  4. Retrieve individual files thathave been saved in your database
    1. E.g. re-filled PDF templates, Ink Signatures, and files uploaded by your end users.
    2. Works seamlessly, even if the file-data is encrypted at rest in your database.
  5. Delete individual rows or individual files from your database
    1. Only if you explicitly permit API deletion in your administrative interface.

API access allows you to

  • Synchronize your form post data with external sources
  • Retrieve all “new” posts and perform arbitrary operations with them
  • Download and delete posts as they come in
  • Much more

Download our API Guides (must be logged into LuxSci).

Form Database Auditing

LuxSci has had internal auditing of access to SecureForm database data that is accessed through our web-based form-database reporting tool.  However, this access auditing was coarse and not visible to account administrators.   Now, SecureForm audits every view/download/delete of every row in your SecureForm database storage area, when those operations are performed via the API or via the web based form-database reporting tool.  This audit trail is now visible to account administrators (under the SecureForm reports area) and is accessible via direct SQL commands.

Administrators can also choose to permit deletion of database rows via the web-based form-database reporting tool.

Row-level form database auditing is great for anyone with compliance needs (e.g. HIPAA) … who must record access to sensitive data and keep records of that access going forward.  The audit trail includes not only what row was viewed or deleted, but it also includes the date/time, IP address, and person or entity that performed the action.

Comments are closed.