Glossary Terms

A list of terms and their definitions typically found in developer documentation, some of which are specific to Staffbase.



Allowlisting

A security practice used to control access to a network, system, or service. Allowlisting specifies which users, devices, applications, email domains, or IP addresses are explicitly authorized to access the resources in question. Any entities not on the allowlist are denied access by default.

Application Programming Interface (API)

A set of rules and protocols for building and interacting with software applications. APIs allow different systems to interact with each other programmatically. Staffbase APIs are REST APIs.

API authentication

The process of verifying the identity of a software application or user before allowing access to an API. This ensures that only authorized applications or users can interact with the API.

API token

A unique identifier, in the form of a long alphanumeric string, used to authenticate a request to an API. The API token is used to control access and ensure that the requestor has permission to perform actions with the API.

API request

A call made to a server using an API. An API request includes a method, such as GET or POST, a header, and sometimes a body of data.

Amazon Web Services Simple Email Service (AWS SES)

A cloud-based service provided by Amazon that enables developers and businesses to send and receive emails. SES is designed to help users send marketing, notification, and transactional emails reliably and cost-effectively. It offers various features like email sending and receiving, email tracking (such as delivery, opens, and clicks), and spam and virus filtering. SES is often used for bulk and transactional emailing purposes, providing scalability to handle high volumes of email without the need for managing email server infrastructure.


Basic authentication

A method for an HTTP user agent, such as a web browser, to provide a username and password when making a request. In the context of APIs, it is a simple authentication scheme built into the HTTP protocol.

Brand Indicators for Message Identification (BIMI)

An email authentication standard that allows organizations to display their brand logo in supported email clients next to their email messages. The goal of BIMI is to increase email trust and security by making it easier for recipients to recognize legitimate emails. This also reduces the effectiveness of phishing attacks.


Cipher suites

A set of algorithms and protocols that enable a secure HTTP connection.

Canonical Name (CNAME) record

A type of resource record in the DNS that maps an alias name to a true or canonical domain name. This is useful when you want to associate a subdomain with another domain name, or when multiple domain names should resolve to the same server. For example, if you have a server where your website is hosted under the domain name, and you want to point to the same server, you would create a CNAME record for www pointing to Then, whenever someone types into their browser, the DNS translates that to and directs the user to the correct server.

Client URL (cURL)

A command-line tool and library for transferring data using various network protocols. It is widely used for its versatility and support for a multitude of protocols, including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, LDAP, and more.

Custom domain

A unique branded name that identifies a website on the Internet. It is the web address that you purchase from a domain registrar and use to personalize your website's URL. For instance, instead of using a free domain provided by a web hosting company such as, you can have a custom domain like This not only gives your website a professional appearance but also helps brand recognition and search engine optimization (SEO). Custom domains are crucial for businesses, blogs, and personal brands that want to establish a distinct identity online.

Custom font

A typeface that has been specifically designed or modified for a particular brand, project, or purpose. This distinguishes it from standard, pre-existing fonts available to the public. Unlike common fonts that anyone can widely use, a custom font is unique to the entity it was created for. This offers exclusive branding identity and consistency across various mediums, such as websites, marketing materials, and product packaging.


An email address to indicate where an email originated from. When an email is sent, it has two addresses that indicate its source — a From address that is displayed openly to the message recipient and a MAIL FROM address found in the source code that indicates where the message originated. The MAIL FROM address is called the envelope sender, envelope from, bounce address, or Return Path address. Mail servers use the MAIL FROM address to return bounce messages and other error notifications. The MAIL FROM address is usually only viewable by recipients if they view the source code for the message.

Custom sending domain

Allows users to modify the domain that emails appear to come from. Without a custom sending domain, emails take on the name of the platform they are sent from. Staffbase has a limitation that allows us to only add a domain to one unique account. If multiple domains are needed, they must be added directly to the database.

Cascading Style Sheets (CSS)

A stylesheet language used for describing the presentation of a document written in HTML or XML. CSS defines how elements on a web page display, including their layout, colors, fonts, and overall visual appearance.

Comma Separated Values (CSV)

A plain text format used for representing data in a table. Each line in a CSV file corresponds to a row in the table, and each value in that row is separated by a comma. CSV files are widely used for importing and exporting data between different programs, databases, and spreadsheet applications like Microsoft Excel or Google Sheets. They are simple, easy to read, and can be edited with a text editor, making them a popular choice for data exchange and storage for simple tables of information.


Distributed Denial of Service (DDoS)

An attack where multiple compromised systems are used to target a single system, causing a denial-of-service (DoS) attack. These attacks can overwhelm the targeted system with traffic, making the service slow or unavailable.

Delta import

A type of CSV import where only a subset of your user base is updated. This is more efficient than full imports as only the changes are processed.

DomainKeys Identified Mail (DKIM)

An email authentication method designed to help protect both email senders and recipients from fraudulent emails, such as spam or phishing attacks. With DKIM, receiving servers verify that the domain owner actually sent the message. You have to turn on DKIM for the domain that sends your email.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

An open email authentication protocol that protects emails at domain level to recognize and prevent email spoofing. Based on the existing SPF and DKIM standards, DMARC is the first and only widely used technology that ensures that the "From" header of the domain is trustworthy. The domain owner can publish a DMARC entry in the DNS and create a DMARC policy that defines what should be done with the email in the event of failed authentication.

Domain Name System (DNS)

A way to translate human-friendly domain names (like into IP addresses that computers use to identify each other on the network. When a website's domain name is typed into a browser, the DNS is queried to find the corresponding IP address, allowing the browser to establish a connection to the website's server. This system is crucial for the functionality of the internet, as it ensures users can easily access websites without having to memorize complex numerical IP addresses. The DNS is a distributed and hierarchical system, with different levels of DNS servers working together globally to ensure efficient and accurate name resolution.


Domain

A unique name that identifies a website on the World Wide Web. It's part of a URL, which specifies the address of a web page. Domains are structured hierarchically, with a top-level domain (TLD) at the end, and potentially multiple subdomains before it, allowing for easy navigation and organization of sites on the internet.

Domain verification

Verification that the domain name associated with your email address(es) legitimately belongs to your business or organization. The verification is typically carried out by the third-party service that requires it, such as an email service provider, a web hosting organization, or a domain registrar. The third party automatically checks these settings to confirm that the record exists after the specific DNS record they provide is added to your domain's DNS settings.



Endpoint

A specific location within an API that represents an object or a collection of objects in the API's data model. Endpoints are the touchpoints through which developers interact with services in an API, enabling communication between software systems. Each endpoint in an API provides a different function, allowing for interactions such as retrieving data, posting new information, updating existing data, or deleting data.

Email gateway or edge protection

A type of email server that protects an organization's or users' internal email servers. This server acts as a gateway through which every incoming and outgoing email passes. The gateway or edge protection solution must be configured with rules and policies, so that emails from Employee Email are permitted to reach your internal mail server within a reasonable amount of time.

Email security applications

Applications within your mail server environment that provide additional security functionality for your organization’s mail server. These could be part of the solution for the email server or separate, and can interact with the mail server directly by providing an additional layer of security.

Email security scanner

A tool that scans incoming and outgoing emails for malicious content, such as viruses, malware, phishing attempts, and spam. The scanner checks email attachments, links, and content to ensure that the messages are safe for the recipient to open and interact with. They are an essential component of email security, helping to protect users and organizations from cyber threats and data breaches.

Employee App

A Staffbase solution that offers you the ability to communicate strategy, unlock engagement, and empower frontline employees through their mobile app.

Employee Email

A Staffbase solution that offers an on-brand email tool to design, deliver, and measure newsletter engagement.

EU hosting infrastructure

The data centers located within the European Union that are used for hosting platforms and serving European-based Staffbase customers, ensuring compliance with EU data protection regulations.


Front Door Intranet

A Staffbase solution that offers a customizable intranet that connects your employees to your company's news, resources, and tools.


Group Policy Management Console

A Microsoft Management Console (MMC) tool for managing Group Policy across an organization. It allows administrators to configure and manage Group Policy settings in an Active Directory environment, ensuring consistent and secure configurations for users and computers.

Group Policy Object (GPO)

A feature of Microsoft Windows that allows network administrators to define configurations for both users and computers within an Active Directory environment. GPO enables the centralized management and configuration of operating systems, applications, and users' settings in a Windows domain, ensuring consistency and compliance across the network.


HTTPS (HyperText Transfer Protocol Secure)

An extension of HTTP that is used for secure communication over a computer network, widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS).

Hosting infrastructure

The specific setup and technology stack used to host the Staffbase platform, including the data centers and network resources.


Identity Provider (IdP)

A system that creates, stores, and manages digital identities. IdP provides authentication services to relying applications within a federation or distributed network. Identity providers offer user authentication as a service, confirming the identity of a user attempting to access a system or resource. They are a crucial component in identity management and SSO processes. An IdP typically supports one or more standard authentication protocols, such as SAML, OpenID Connect, or OAuth, to facilitate secure access to various applications and services, across different domains.

IdP session

A session managed by the identity provider where user authentication details are stored. This session determines when a user needs to re-enter their credentials to access connected services.

Internet Message Access Protocol (IMAP)

A standard email protocol used for retrieving email messages from a mail server over a TCP/IP connection. IMAP keeps emails on the server, allowing you to access messages from multiple devices. This means you can check your email from any device with internet access, and your emails will remain on the server until you decide to delete them. IMAP is particularly useful if you need to access your email from various locations or devices, such as a desktop computer at home, a laptop at work, and a smartphone or tablet while on the go.

Internet Protocol (IP)

A set of rules governing the format of data sent over the Internet or local network. Essentially, IP is the principal communications protocol for relaying datagrams across network boundaries.

IP Pools

Groups of dedicated IP addresses used to manage the sending reputation of your individual mail streams. These pools enable a more nuanced and effective approach to email deliverability, particularly for organizations or individuals who manage multiple types of email communications. At Staffbase, all customer emails are routed through a set of 13 dedicated IP addresses leased from AWS for the Email product. However, customers can also request their own dedicated IP(s) at additional cost.

Internet Service Provider (ISP)

A company that provides individuals and organizations access to the Internet and other related services, such as website building and hosting, email, and more.


JSON Web Tokens (JWT)

An open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.


Mail server

A server responsible for managing and delivering email to the employees within your organization. Specific rules must be added so that Employee Email is treated as a trusted source, preventing its emails from being flagged as external or spam.

Mail Exchange (MX)

A DNS record that specifies the email server responsible for receiving and handling emails on behalf of a domain. MX directs email messages to the correct email server based on the domain part of an email address, ensuring that email messages are routed to the correct destination.



Outlook

A part of the Microsoft Office suite, providing tools for email communication, calendar scheduling, task and contact management, and more. Outlook helps individuals and businesses organize their communications and schedules efficiently.

Outlook Web App (OWA)

A web-based email client provided by Microsoft that allows users to access their email accounts, calendars, contacts, and tasks from a web browser without needing to install Microsoft Outlook or another email client on their local computer.


Post Office Protocol version 3 (POP3)

A standard protocol used by email clients to retrieve emails from a mail server over an Internet connection. It allows emails to be downloaded from the server to the client, so messages can be read offline. However, once emails are downloaded, they are typically deleted from the server. This means they can only be accessed from the device that downloaded them unless the email client is configured to leave copies of emails on the server.


Rate limit

The maximum number of API requests that can be made to the Staffbase infrastructure within a given time period.


Security Assertion Markup Language (SAML)

An open standard for exchanging authentication and authorization data between parties, specifically between an identity provider and a service provider. It enables SSO by allowing secure web domains to exchange user authentication and authorization data.

System for Cross-domain Identity Management (SCIM)

A standard designed to simplify and automate the process of managing user identities across various cloud-based applications and services. SCIM provides a common user schema and extension model, as well as binding definitions for RESTful APIs to enable systems to exchange user identity information in a standardized way. SCIM allows you to use an identity provider on the Staffbase platform to manage users.

Sending reputation

An email sending reputation is a score or assessment attributed to your email-sending domain and IP addresses by ISPs and Email Service Providers. It determines how trustworthy your email-sending practices are perceived. This reputation influences the likelihood of your emails reaching the recipients' inboxes, compared to being marked as spam or blocked entirely. Factors affecting your sending reputation include the volume of emails sent, the frequency of sending, recipient engagement (like opens and clicks), the number of spam complaints received, and the quality of your email lists. A good sending reputation is crucial for maintaining high deliverability rates for your email campaigns.

Sender domain

The part of an email address that comes after the @ symbol, which represents the domain from which an email is sent.

Simple Mail Transfer Protocol (SMTP)

A protocol used for sending emails across the Internet. It handles the communication between email servers, essentially guiding emails from the sender's server to the recipient's server. SMTP is involved mainly in the sending and forwarding of emails. It doesn't handle retrieving emails from the server (that's what POP3 and IMAP are for, as they let you download emails from the server to your email client). SMTP has been the backbone of email communication on the Internet for decades, enabling simple and efficient email transfer between users worldwide.

Software as a Service (SaaS)

A software distribution model where applications are hosted by a third-party provider and made available to customers over the internet.

Sender Policy Framework (SPF)

An email validation protocol that companies can use to determine who is authorized to send emails from their domains. The companies create an SPF entry in the DNS and use it to authorize the senders. The receiving email server uses SPF to check whether incoming emails from a domain originate from an IP address authorized by administrators. Emails with fake "From" addresses are recognized and blocked.


Spoofing

The malicious practice of disguising communication from an unknown source as being from a known, trusted source. It is a technique used in cyberattacks to deceive people or systems into thinking the communication is legitimate. Spoofing can occur in various forms, including email spoofing, where the sender's address is made to appear as if it's coming from someone else. Spoofing is often used in phishing attacks to trick individuals into disclosing sensitive information, such as passwords or credit card numbers, by making them believe the request comes from a trustworthy entity.

Secure Sockets Layer (SSL)

A standard security protocol for establishing encrypted links between a web server and a browser in an online communication. This is crucial for protecting sensitive data exchanged during internet transactions.

Single Sign-On (SSO)

A user authentication process that allows a user to access multiple applications or systems with one set of credentials (such as a username and password). After signing in once, a user can access all associated services without having to log in again. SSO simplifies the user experience by reducing the number of times a user has to log in or remember different passwords for various services.

SSO session lifetime

The configured duration for which a single sign-on session remains valid before re-authentication is required.


Subdomain

A subsection of a main domain. A subdomain is used to organize or navigate different sections of a website or to host different websites under the same domain name. It essentially acts as a separate website without needing a new domain name. Subdomains are created to organize and navigate to different parts of your site, or to host related but distinct content. They are recognized by their unique prefixes, which are added to the beginning of the main domain. For example, if the main domain is, a subdomain for a blog hosted on the same site might be, and a subdomain for a specific product or service might be The blog and product parts are the subdomains, and they allow webmasters to categorize their content without purchasing a new domain name for each section.

Staffbase client

Any user-facing application or system that accesses the Staffbase server services. This includes the mobile app, web app, Studio, and any other system integrated with the Staffbase services using the Staffbase APIs.

Staffbase servers

The backend infrastructure that hosts and delivers Staffbase services to the Staffbase clients.

System and Organization Controls 2 (SOC 2)

A compliance standard that specifically supports service organizations and provides guidance on managing customer data.


Transmission Control Protocol (TCP)

A fundamental protocol within the Internet protocol suite. It facilitates reliable, ordered, and error-checked delivery of a stream of data between applications running on hosts communicating via an IP network. TCP is designed to ensure that data sent from one point on the internet to another arrives intact and in the same order it was sent.

Text (TXT) record

A type of DNS record that provides text information to sources outside your domain. It is often used for email validation purposes.

Top-Level Domain (TLD)

The last segment of a domain name that follows immediately after the "dot" symbol. It is one of the highest levels in the hierarchical Domain Name System of the Internet. TLDs are broadly categorized into two main types - generic TLDs (gTLDs) and country code TLDs (ccTLDs). Generic TLDs (gTLDs) include familiar extensions, such as .com, .net, .org, .edu, and .gov, which can be used by any organization or individual worldwide. These often reflect the nature of the website (commercial, network, organization, educational, government, and so on). Country Code TLDs (ccTLDs) consist of two letters and are based on international country codes, such as .uk for the United Kingdom, .jp for Japan, and .de for Germany. Websites often use these to target audiences in a specific country.

Transport Layer Security (TLS)

A cryptographic protocol designed to provide secure communication over a computer network. TLS is the successor to SSL and is widely used to secure data transmitted over the Internet. It ensures privacy, data integrity, and authentication between communicating applications.

Transport rules

A set of conditions and actions that define how email messages are processed and routed by a mail server. Transport rules are used to enforce email policies, such as encryption, compliance, and security requirements, as well as to manage email flow within an organization. They can be configured to apply to all incoming or outgoing messages, or to specific messages based on defined criteria, such as sender, recipient, subject, or content.


US hosting infrastructure

Data centers located in the United States used specifically for hosting Staffbase platforms and serving US-based Staffbase customers.



See Allowlisting


XML (Extensible Markup Language)

A flexible text format to store and transport data. XML was designed to be both human-readable and machine-readable. This makes it an ideal way to structure data so that different programs and systems can share it. As it is extensible, XML allows developers to define their own tags, enabling the creation of a document structure that suits the specific needs of the data being stored or transported. This makes XML highly versatile and widely used where storing complex data in a standardized format is necessary, such as in web services, data exchange among businesses, and configuration files.