--- title: "Security & Settings FAQs" slug: "security-amp-settings-faqs" updated: 2025-09-14T12:15:05Z published: 2025-09-14T12:15:05Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.commbox.io/llms.txt > Use this file to discover all available pages before exploring further. # Security & Settings ### **1. An agent/customer is not able to send a file as an attachment.****How do we resolve this issue?** 1. Using admin credentials, connect to the Agent Workspace. 2. Click the **Settings** icon (Gear icon) and navigate to the **Privacy & Security** module. 3. Click on the **M****edia** tab and select the option to upload files for the agents/customers. 4. Check the box of the desired file types enabled to be sent by the Agent Workspace and choose the maximum file size you wish to send. 5. **Save** the settings at the bottom corner of the screen. **Note:** Specific channels can hold different media permissions. Update the Privacy & Security settings on each relevant channel. ![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/image-1702317422447.png) ### 2. How can I change my API key? [Please follow this comprehensive guide.](https://help.commbox.io/docs/api-key) ### 3. Why is the API key changing? **API Key Management** - The **API key** itself is fixed and remains valid until a new one is issued. - For security, the API key is stored within a **Secret** that includes an **expiration date component**. - This expiration mechanism ensures that while the API key remains the same, the **Secret changes daily**, and expired Secrets are rejected by the system. ### 4. How can I see the actual API Key? To extract and view the actual API Key embedded within the Secret: 1. Go to a JWT decoding website such as [www.jwt.io](http://www.jwt.io) .**[](https://jwt.io)** 2. Copy the API Key as it appears on the **CommBox API settings** page. 3. Paste the API Key (encrypted Secret) into the **left-hand input window** of the decoder. 4. In the **decoded payload section** (right-hand side), locate the field labeled **`client_secret`** (highlighted in purple). - The value shown here is the **actual API Key**. ![image.png](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/image%28199%29.png) ### 5. How can the old and new API Keys work at the same time? CommBox maintains a **master list of all active API keys** issued to clients. This system supports overlapping keys, ensuring continuity during key rotations. Once an API key reaches its **expiration date**, it is **removed from the active list**, and only valid keys remain operational. ### 6. What are CommBox Data backup and recovery policies? CommBox ensures business continuity and data protection through robust backup and recovery processes: - **Redundant Storage** – All data is stored on two separate servers: a **primary production server** and a **dedicated backup server**, both hosted on the **AWS server farm**. - **Retention Policy** – Backups are securely maintained for up to **two weeks**. - **Disaster Recovery** – In the event of production server unavailability, the backup server retains the **entire dataset**, enabling **seamless recovery** with minimal disruption. ### 7. What are CommBox's encryption and data protection policies? **CommBox Encryption and Data Protection Policies** **Encryption and Data Protection** CommBox ensures comprehensive data security by encrypting all data **in transit** using **TLS 1.2+** and **at rest** using **AES-256**, providing end-to-end protection across the platform. **Access Controls and Authentication** The platform enforces **role-based access control (RBAC)** and supports modern authentication methods including **Single Sign-On (SSO)**, **Multi-Factor Authentication (MFA)**, and **OAuth 2.0**, ensuring secure access and authorization. **Regular Security Audits** CommBox undergoes ongoing **third-party penetration tests** and **internal security audits**, aligned with **ISO 27001** standards, to maintain and continuously improve its security posture. ### 8. Do you have file size limit in the system? The file upload limit in the system is 20 MB. Files larger than this may be blocked and fail to upload. If the file you are trying to upload is within the size limit but still fails, the issue may be related to internal restrictions in your organization — such as infrastructure settings or information security policies — rather than a system error. In such cases, we recommend contacting your IT team or your organization’s information security officer for further investigation. You can limit the max allowed further (based on your organization's requirements) in the **Privacy & Security** module in the Media section. ![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/image-1757851993920.png) [](https://help.commbox.io/docs/api-key)