In-App Notification Center

1. Purpose & Scope

This article documents the In-App Notification Center, introduced in Tiled v60.0.0. The Notification Center provides users with real-time in-product alerts when significant events occur, supporting both operational awareness and compliance-relevant event monitoring.

Scope: All authenticated Tiled users. The Notification Center is enabled by default for all customers as of v60.0.0 (feature flag TD-6730 is on by default).

2. Control Objective

The control objective is to ensure that users are promptly informed of security-relevant and operationally significant events within the Tiled platform, including content sharing, content republication, and changes to API authentication tokens. This supports timely detection of unauthorized or unintended actions and enables user-driven incident response.

3. Feature Description

The Notification Center is a persistent, in-product alert panel accessible from the main navigation. It surfaces the following event types:

Microapp Shared	User is notified when a microapp they own or manage is shared with a recipient.
Microapp Republished	User is notified when a microapp is republished, indicating content has been updated and redistributed.
API Token Changed	User is notified when an API token associated with their library or account is created, rotated, or revoked.
Session Notification	Deep-linked notification when engagement session data is available. Links directly into Pathway Analytics for the relevant microapp.

4. Accessing the Notification Center

Log into your Tiled account.
Locate the Notification Center icon in the main library navigation bar (bell icon).
Click the icon to open the notification panel.
Click any notification to navigate to the relevant context (e.g., a session notification links directly into Pathway Analytics).

5. Security-Relevant Notification: API Token Changes

API token change notifications are a security control. When an API token is created, modified, or revoked for a library or account, the relevant account owner(s) receive a notification. This control supports:

Detection of unauthorized token issuance or rotation.
Awareness of token lifecycle events for credential hygiene.
Audit evidence that token change events were surfaced to authorized personnel.

Note: API token notifications for library-level and account-level tokens are delivered as separate, non-overlapping notifications (Bug Fix TD-6738 resolved a prior issue where these notifications replaced each other). Similarly, Share and Republish notifications are distinct events and do not collapse (TD-6736).

6. User Roles & Access Requirements

All Authenticated Users	Receive notifications for events related to microapps and tokens within their scope of access.
Library Administrator	Receives API token change notifications for the library. Reviews notifications for security-relevant events.
Content Owner	Receives share and republish notifications for owned microapps.
Auditor / Compliance	May review notification event history as part of user activity evidence.

7. Audit Evidence & Logging

Notification events are generated at the platform level and are timestamped at creation.
Session notifications include deep links into Pathway Analytics, enabling auditors to trace the full engagement lifecycle from notification trigger to session record.
Notification interactions are tracked via Userflow (internal telemetry, TD-6726) to support product analytics and control effectiveness monitoring.
API token notifications constitute evidence of a monitoring control over credential lifecycle events.

9. Related Controls

KB-v60-01 — Email Requirement for Shared Links (share event that triggers notification)
KB-v60-03 — Engagement Insights: HubSpot Integration (session events surfaced via notifications)

10. Change History

v1.0 — May 5, 2026

Initial article. Feature shipped in Tiled v60.0.0 (TD-6693, TD-6653).