Yotpo System Architecture and Security

        Article Summary

        Products: Reviews
        Supported plans: Free, Starter, Pro, Premium, Enterprise
        eCommerce Platform: N/A

        This article provides an overview of the Yotpo system architecture.

        General architecture

        At the core of Yotpo is a very powerful API that does most of the heavy lifting for our major projects.

        Yotpo back office

        The Yotpo back office is the place for the website owner to manage the entire Yotpo solution. Here the owner can define emails, look and feel, coupons, and integration to other complementary services they use.

        Yotpo on-site presence

        The Yotpo offering includes several types of widgets. Widgets are different ways to display content that was created using Yotpo on the website. All of the above-mentioned projects make use of the Yotpo API. Another purpose of this API is to allow our customers to extend the core functionality of Yotpo.

        Technologies

        Real-time capabilities

        Today, Yotpo serves about 5 billion requests a month on its entire platform. To cope with such loads, Yotpo invests heavily in caching and static serving infrastructures. We have a strong cache layer implemented above Redis at the API level. Yotpo uses a content delivery network to serve all of its content on a global scale (static and dynamic).

        Infrastructure

        The Yotpo architecture was designed and built from day one for scalability. The main parts of the system that must scale are the On-Site Presence Components and the Yotpo API. Those parts of the system should be able to serve billions of monthly requests within excellent SLAs. Yotpo makes use of a Dynamic CDN solution, which offers the following benefits:

        1. Removing stress and bottlenecks from the Yotpo API.
        2. Improving delivery performance in terms of response time in different geographical regions.

        System security, backups, and DR

        Server environment and deployment

        Yotpo makes use of the AWS VPC (virtual private cloud) service, and the server deployment is divided into two main subnets, only one of which is connected to an internet gateway. All servers are located in the private subnet and access the internet through a NAT that sits on the public subnet. Yotpo connects through a VPN (virtual private network), which is connected to the office.

        Databases

        All databases are located on the private subnet in the VPC and do not have public access. The users' information (personal or public) is encrypted using AWS/KMS.
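
        The subnet layout described in the two sections above can be checked mechanically. The following is an added example, not Yotpo's own code: it audits data shaped like AWS `describe_route_tables`, `describe_nat_gateways`, `describe_instances` and `describe_db_instances` responses. All IDs are constructed, and it assumes every subnet has an explicit route table association.

```python
# Added example: offline audit of a public/private VPC layout; all IDs are constructed.

def subnet_exposure(route_tables):
    """Map each associated subnet to 'public' (default route to an internet
    gateway), 'nat' (default route to a NAT gateway) or 'isolated'."""
    exposure = {}
    for table in route_tables:
        kind = "isolated"
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue  # only the default route decides internet exposure
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif route.get("NatGatewayId"):
                kind = "nat"
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                exposure[assoc["SubnetId"]] = kind
    return exposure

def audit(route_tables, nat_gateways, instances, db_instances):
    """Return findings where the deployment departs from the described layout."""
    exposure = subnet_exposure(route_tables)
    findings = []
    for nat in nat_gateways:
        if exposure.get(nat["SubnetId"]) != "public":
            findings.append(f"{nat['NatGatewayId']}: NAT gateway is not in a public subnet")
    for inst in instances:
        if exposure.get(inst["SubnetId"]) == "public":
            findings.append(f"{inst['InstanceId']}: server is in a public subnet")
    for db in db_instances:
        subnets = [s["SubnetIdentifier"] for s in db["DBSubnetGroup"]["Subnets"]]
        if db.get("PubliclyAccessible") or any(exposure.get(s) == "public" for s in subnets):
            findings.append(f"{db['DBInstanceIdentifier']}: database is publicly accessible or in a public subnet")
    return findings

# Constructed sample: one public subnet (holds the NAT) and one private subnet.
ROUTE_TABLES = [
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-public"}]},
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
     "Associations": [{"SubnetId": "subnet-private"}]},
]
NATS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-public"}]
INSTANCES = [{"InstanceId": "i-api", "SubnetId": "subnet-private"},
             {"InstanceId": "i-stray", "SubnetId": "subnet-public"}]
DBS = [{"DBInstanceIdentifier": "reviews-db", "PubliclyAccessible": False,
        "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-private"}]}}]
```

        Calling `audit(ROUTE_TABLES, NATS, INSTANCES, DBS)` on the sample reports only the constructed `i-stray` instance, which sits in the public subnet.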

        Application log-in mechanism

        Yotpo implements the OAuth2 paradigm for all sign-in mechanisms. Each user account in our system is considered an OAuth application, and inherently only has access to appropriate resources.

        Admin access

        Customers' accounts can be accessed from an Admin panel that is available to support, customer success and other executives in the company. This Admin panel is secured with two-step verification and a secured VPN.

        Databases

        RDS: Yotpo uses AWS RDS snapshot capabilities. We perform daily backups.

