This article provides the Domains and Protocols inventory. Your IT department can use this information to ensure a smooth experience while using the Clearstory app.
Domains
.clearstory.build - All of our apps and APIs use subdomains on this domain.
app.clearstory.build - The single page web application.
www.clearstory.build - The marketing site (hosted through Hubspot).
ec.clearstory.build - Snowplow event collector endpoint, this may be detected as a tracker. Note that important events are sent from our APIs so that calls to this service from the frontend are limited to UI events that fit best here (page views, screen views, certain UI element clicks, etc.). This is used by both the web and mobile app.
.extracker.com - This legacy domain is still supported for backward compatibility, but isn’t going to be visible in a web browser address bar except for the Auth0 hosted login/signup pages.
auth.extracker.com - This is what we have Auth0’s universal login pages using. Note that this wasn’t changed to clearstory.build due to backward compatibility and also because if/when we do change it, all issued JWTs and any cookies issued by Auth0 may become invalid/unusable. This would force all users to log in again, so it’s a change that should not be done during business hours. The biggest challenge here is older versions of the mobile app. Users would be forced to upgrade since the redirect would be to auth.extracker.com still. Auth0 does not allow multiple CNAME records here.
3rd Party Service Domains
maps.googleapis.com - This is Google’s maps service which provides address autocomplete for our forms.
.gstatic.com - This hosts assets for Firebase (used for our PDF annoations and push notifications).
fonts.googleapis.com - This is for web fonts for our app hosted by Google.
use.fontawesome.com - This also provides web fonts (icons) for our app.
.boxcdn.net - This hosts assets for Box’s file picker.
.live.net - This hosts assets for Microsoft’s OneDrive file picker.
.userpilot.io - This service provides in-app onboarding help and tips (analytex.userpilot.io uses websockets).
sentry.io - This service provides bug and crash reporting for technical support.
.hubspot.com , *.hs-scripts.com, *.leadflows.com, *.hs-banner.com, *.hsadspixel.net - Hubspot provides customer support, live chat, and tracking/analytics. Note that on first use, users will see a banner that does allow them to opt-out.
.amazonaws.com, s3-us-west-2.amazonaws.com - This is used primarily for AWS S3 where our application assets are hosted (PDFs, images, etc.) Note that since we do not currently use CloudFront, the domain is amazonaws.com instead of something like assets.clearstory.build
googletagmanager.com - Google Tag Manager allows for analytics and management of snippets for other services.
stats.g.doubleclick.net - Google Analytics/Ads
chat.stream-io-api.com - Real-time chat service (uses websockets).
Integrations
There will be various 3rd party integrations that may either proxy requests through our API or make requests directly from the web browser. The OAuth 2.0 protocol (for logging into 3rd party services from the web browser) will typically either open a pop-up window or redirect the user to login with a redirect back to the Clearstory web app. We opt for the redirect method when possible due to pop-up blockers.
Domains for 3rd party integrations will vary based on each customer’s usage; Procore, Plangrid, HCSS, Agave, and more.
Protocols
https - All of our APIs and web applications use https with TLS v1.2+ encryption in transit.
wws - Our live chat channels (on Change Order Requests and T&M Tags) will make use of websockets as will PDF annotations/markups as those are hosted in Google’s Firebase. The websockets allow for bi-directional communication through a persistent connection for real-time updates.
Email Domains & IP
All Clearstory emails are sent from addresses using the clearstory.build domain. Note that the legacy extracker.com domain (from a branding/rename) is and will continue to be owned by Clearstory. Users should not expect to see emails from extracker.com.
Clearstory uses Sendgrid for sending email from the application services and our mail server IP address is: 168.245.78.50 and has been leased by Clearstory since May 02, 2018.
Emails sent from the application via Sendgrid may contain tracking pixels and wrapped links. Note that the link branding/tracking will use clearstory.build domain (ie. url7216.clearstory.build).
Clearstory also uses Google for employee email. All email sent from Clearstory employees would be expected to be from Google or through Hubspot.
Binary Data & Files
Clearstory allows users to share files in several ways. All file assets are hosted from Clearstory’s AWS S3 and make use of signed URLs (these are access tokens that expire).
Change Order Requests: Users can upload a PDF to share with others or if they use Clearstory to create a Change Order Request the PDF document may be generated by Clearstory’s services. These wouldn’t present risk as that PDF file was generated by Clearstory. However, additional PDFs from the user may be attached and merged into the final PDF document.
T&M Tags: PDF documents for T&M Tags are generated by Clearstory, but may also include additional PDFs uploaded by a user that get merged and added at the end of the document.
Change Notifications: Multiple assets, that can be almost any file type, can be uploaded by users to share with others. Clearstory will bundle these assets into a zip file that is associated with the Change Notification for other users to download.
In App PDF Viewer: For Change Order Requests, there is a JavaScript based PDF viewer that will load PDFs into the web browser so that users can view and annotate the PDFs. The T&M Tag Signature page also utilize an PDF viewer, but do not currently include the ability to add annotations.
3rd Party File Uploads: Users may connect to various 3rd party file sharing services (ie. Google Drive, Microsoft OneDrive, Box) to upload files to Clearstory. This is currently one way only and files can not be sent to the 3rd party file sharing services from Clearstory.