Blink is a multi-tenanted Software-as-a-Service platform.
All requests to our API are authenticated with signed, short-lived, refreshable JSON Web Tokens, each of which contains a claim carrying both the user and organization IDs. These IDs are used as a tag throughout the system to ensure data segregation is maintained.
All endpoints have automated authorization tests, and our QA team regularly tests authorization functionality. In addition, the annual penetration test conducted by our external security partner covers this area.
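The token-based segregation described above, sketched as an added example (not Blink's code): a signed, short-lived token carries the user and organization IDs, and the data layer takes its tenant scope only from the verified claims. HS256, the claim names `uid` and `org`, `SECRET`, `ROWS` and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 shared key; the page names no algorithm
ROWS = [  # constructed sample rows, each tagged with the organization that owns it
    {"id": 1, "org": "org-a", "title": "Rota"},
    {"id": 2, "org": "org-b", "title": "Payroll"},
]

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(user_id, org_id, ttl=300, now=None):
    """Mint a short-lived token; the claim names 'uid' and 'org' are hypothetical."""
    now = time.time() if now is None else now
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"uid": user_id, "org": org_id, "exp": int(now) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64(sig)}"

def verify(token, now=None):
    """Return the claims only if algorithm, signature, expiry and identity claims check out."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if json.loads(unb64(header)).get("alg") != "HS256":  # pin the algorithm, reject "none"
            raise PermissionError("unexpected algorithm")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(sig)):  # constant-time comparison
            raise PermissionError("bad signature")
        claims = json.loads(unb64(body))
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            raise PermissionError("token expired")
        if not claims.get("uid") or not claims.get("org"):
            raise PermissionError("missing identity claims")
    except (ValueError, AttributeError) as exc:  # wrong part count, bad base64 or JSON
        raise PermissionError("malformed token") from exc
    return claims

def get_row(token, row_id, now=None):
    """Tenant scope comes from the verified token, never from request parameters."""
    org = verify(token, now)["org"]
    for row in ROWS:
        if row["id"] == row_id and row["org"] == org:
            return row
    raise LookupError("not found")  # same answer for a missing row and another tenant's row
```

The cross-tenant read, the expired token and the spliced token are the cases an automated per-endpoint authorization test would assert on.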