Contents x
      Yotpo System Architecture and Security
        • Dark
          Light
        Contents

        Yotpo System Architecture and Security

          • Dark
            Light
          Article summary

          Products


          Reviews
          Supported plans

          Free, Starter, Pro, Premium, Enterprise

          eCommerce Platform

          N/A

          This article provides an overview of the Yotpo system architecture.

          General architecture

          A very powerful API that does most of the heavy lifting for our major projects is at the core of Yotpo.

          Yotpo back office

          The Yotpo back office is the place for the website owner to manage the entire Yotpo solution. Here the owner can define emails, look and feel, coupons, and integration to other complementary services they use.

          Yotpo on-site presence

          The Yotpo offering includes several types of widgets. Widgets are different ways to populate content that was created using Yotpo in the website. All of the above-mentioned projects make use of the Yotpo API. Another purpose of this API is to allow our customers to extend the core functionality of Yotpo. 

          Technologies

          Real-time capabilities

          Today, Yotpo serves about 5 billion requests a month on its entire platform. To cope with such loads, Yotpo invests heavily in caching and static serving infrastructures. We have a strong cache layer implemented above Redis at the API level. Yotpo uses a content delivery network to serve all of its content on a global scale (static and dynamic).

          Infrastructure

          The Yotpo architecture was designed and built from day one for scalability. The main parts for scale in the system is the On-Site Presence Components and the Yotpo API. Those parts of the system should have the ability to serve billion of monthly requests in excellent SLAs.Yotpo makes use of Dynamic CDN’s solution, which offers the following benefits:

          1. Removing stress and bottlenecks from the Yotpo API.
          2. Improve delivery performance in terms of response time in different geographical regions.

          System security, backups, and DR

          Server environment and deployment

          Yotpo makes use of the AWS VPC (virtual private cloud) service, and the server deployment is divided into two main subnets, while only one is connected to an internet gateway. All servers are located in the private subnet and access the internet through a NAT that sits on the public subnet. Yotpo connections through a VPN (virtual private network) which is connected to the office.

          Databases

          All databases are located on the private subnet in the VPC and do not have public access. The users' information (personal or public) is encrypted using AWS/KMS.

          Application log-in mechanism

          Yotpo implements the OAuth2 paradigm for all sign-in mechanisms. Each user account in our system is considered an OAuth application, and inherently only has access to appropriate resources.

          Admin access

          Customers' accounts can be accessed from an Admin panel that is available to support, customer success and other executives in the company. This Admin is secured with two-step verification and a secured VPN.

          Databases

          RDS: Yotpo uses AWS RDS snapshot capabilities. We perform daily backups.

          Was this article helpful?
          What's Next

          PRODUCT

          RESOURCES

          PARTNERSHIPS

          COMPANY

          SUPPORT

          footer-logo

          Terms of Service

          Terms of Use

          Security

          Privacy Policy