Critical-risk tools in Novaposhta
5 of the 50 tools in Novaposhta are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
address_deleteDestructiveDelete counterparty address by reference using Address/delete (doc 1.25). Allowed only before the address participates in an Internet document; afterward the API blocks deletion.
-
contact_person_deleteDestructiveDelete contact person by reference using ContactPerson/delete (doc 1.27). Nova Poshta allows deletions via API only for legal entities and only until the contact was used on an ...
-
counterparty_deleteDestructiveDelete counterparty by reference using Counterparty/delete (doc 1.22). IMPORTANT: Docs explicitly state only Recipient counterparties can be deleted through the API; Sender clea...
-
waybill_deleteDestructiveDelete one or multiple waybills by their DocumentRef via InternetDocument/delete (doc 1.2). Waybills can only be deleted before they enter processing. Returns success/error stat...
-
waybill_delete_batchDestructiveBatch delete multiple waybills by their DocumentRef via InternetDocument/delete (doc 1.2). Alias for waybill_delete that processes all refs in a single API call. Waybills can on...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.