Security reviewed by AI
In addition to conventional testing and code review, Carrier Service Factory 4 is continuously checked for security using AI-based analysis, helping to identify and address potential issues early.
The table below gives a high-level overview of the features introduced with Carrier Service Factory 4.
| No. | Feature | Description |
|---|---|---|
| 3.1.1 | Latest frameworks for backend and frontend | Completely rebuilt on the latest .NET generation for a fast, modern and future-proof platform. |
| 3.1.2 | Real-Time Text (RTT, RFC 4103) | Real-Time Text is supported and can be switched on per service with a single option, so text is transmitted in real time alongside voice. |
| 3.2.1 | Advanced HTTP integration | A powerful HTTP integration to connect flows to any web service, with a built-in AI assistant that turns plain-language descriptions into ready-to-use logic and direct access to Dynamic Tables. |
| 3.2.2 | Dynamic Table delta updates | Dynamic Tables save only what actually changed, so very large tables stay fast and several people can edit them at the same time – both in the interface and via the Management API. |
| 3.2.3 | New Flow Editor | A completely redeveloped, web-based flow editor: drag & drop of dozens of blocks, undo/redo, grouping, zoom, reusable ports, parameters and variables, plus embedded help for every block. |
| 3.3.1 | Trigger Flow API | Launch outbound calls and campaigns from your own systems and receive their results back into the flow – a dedicated API with full OpenAPI/Swagger documentation and per-service API keys. |
| 3.3.2 | Resources Management API | Manage resource data such as Dynamic Tables and phone-number lists directly from your systems through a documented REST API secured with API keys. |
| 3.4.1 | Multi-factor authentication | Secure sign-in with multi-factor authentication based on modern identity standards; administrators can enforce MFA for their users. |
| 3.4.2 | Circuit routing & overflow protection | Automatic protection against routing loops and call floods: calls that exceed a configurable threshold are safely rejected. Flexible modes cover both classic loop protection and calls-per-second (CAPS) limiting, can be scoped to selected customer profiles, and apply instantly without a restart. |
| 3.5 | AI tools for service evaluation | A range of AI tools for building and evaluating services – including AI resources for leading providers and AI assistants embedded directly in the platform. |
| 4.1 | Media Path Optimization on by default | Efficient voice paths thanks to media path optimization enabled by default, adjustable per call when needed. |
| 4.1a | Codec renegotiation | Fine-grained control over media path optimization and codec renegotiation to avoid one-way-audio situations in demanding interconnect scenarios. |
| 4.2 | Background announcements | Play a looping announcement in the background while the flow keeps working – for example a "please wait" message during a lookup – and stop it at any time. |
| 4.3 | Configurable caller ID in outbound calls | Set the displayed caller ID (A-number) for an outbound call directly in the call block, with support for variables and parameters. |
| 4.4 | Dedicated permissions for power features | Powerful, script-capable blocks and scripting features are protected by their own permissions, so only authorized users can create or edit them. |
| 4.5 | Voice input with audio opt-in | Callers can respond by speaking or by pressing a key – whichever comes first – combining real-time speech recognition with classic key input in a single step. |
| 4.6 | Versioning of flows (incl. parameters) | Every save creates a version snapshot, including parameters. Compare any two versions in a clear diff view and restore an earlier state with one click; retention is configurable. |
| 5.1.1 | Dark theme & domain themes | Dark-mode toggle plus per-domain white-label theming with your own logo and colors. |
| 5.1.2 | Home / dashboard page | A landing page with call statistics, profile overview and quick access. |
| 5.1.3 | Solutions menu – fast loading | The solutions list loads on demand with server-side search and filtering, staying fast even with very many services. |
| 5.1.4 | Resources menu – fast loading | The resources list loads on demand with server-side search, type filter and sorting across all resource types. |
| 5.1.5 | AI Assistant chats | A full AI chat with saved history and auto-generated titles; private by default and optionally shareable read-only within a customer profile. |
| 5.1.6 | Documentation portal | In-app documentation with an embedded AI help chat. |
| 5.1.7 | FAQ collection | A curated FAQ covering routing/SIP, audio, APIs and more, in German and English. |
| 5.2.1 | Telemetry targets (Grafana / OTLP) | Open telemetry targets configurable per system and per call for live monitoring, for example with Grafana. |
| 5.2.2 | Usage statistics | Insights into how numbers, blocks and resources are used over time. |
| 5.3.1 | Customer profiles (multi-tenant) | Multi-tenant customer profiles with hierarchy and inherited visibility, with a profile selector on every page. |
| 5.4.1 | Tenant-scoped audit log | A per-tenant audit log so administrators only see their own tenant's activity. |
| 5.4.2 | Secrets encrypted at rest | Keys, passwords and other secrets are stored encrypted and are never shown again once saved. |
| 5.4.3 | SSRF protection for outbound HTTP | Outbound HTTP calls from flows are restricted to safe, public targets; internal destinations can be explicitly allow-listed. |
| 5.4.4 | Sandboxed scripting engine | Scripting runs in a safe sandbox with no access to the host system. |
| 5.4.5 | Stable authentication across servers | Authentication stays valid seamlessly across all servers and restarts. |
| 5.4.6 | Spoof-resistant client-IP handling | Client IP addresses are handled in a spoof-resistant way, trusting forwarding information only from the internal proxy. |
| 5.4.7 | Injection & data-leak hardening | Data handling is hardened against injection across queries, commands, file access and downloads, and error messages never expose internal details. |
| 5.4.8 | Per-IP request limit (rate limiting) | Built-in per-IP request limiting protects the APIs and web interface against request floods (DoS) – always on and configurable per surface. |
| 5.4.9 | Warning e-mails on protection triggers | Configurable warning e-mails notify administrators whenever a protection mechanism blocks something, throttled to avoid mail storms. |
| 5.4.10 | AI-assisted security review | The platform is reviewed for security with AI-based analysis in addition to conventional testing, helping to catch potential issues early. |
| 5.5.1 | New resource types | New resource types – including AI resources, enumerations and Dynamic Table definitions – with rich metadata. |
| 5.5.2 | "Used where?" usage tracking | See where each resource is used across all solutions. |
| 5.6.1 | Phrase hints for speech recognition | Phrase hints sourced from Dynamic Tables improve speech-recognition accuracy. |
See also: Carrier Service Factory 4 Features (complete overview) →
