Encryption (HTTPS/TLS)
All communication with the API website, REST API, and SOAP API enforces a secure HTTP connection (HTTPS) and requires the more modern Transport Layer Security (TLS) version 1.2 to be used to reduce security vulnerabilities.
Credentials & IP whitelisting
Access to use the service is controlled via Username/Password, that are provided in a separate e-mail (as shown in the capture below). Besides, access is additionally controlled by an Access Control List (ACL) so you may be requested to provide us with static IP addresses or IP address range(s).
All access to our websites and web services require secure HTTPS connections.
The customer credentials used to access the web service website are also required to access the web service API operations, however the API also checks the source IP address of each HTTP request to verify that it is from a known IP on a customer whitelist that we maintain in our network firewall.
As a reminder, the customer preview environment does not enforce IP whitelisting in order to be more flexible for customers evaluating or doing their own development/integration with the service.
The REST API and the SOAP API both require the customer's username and password credentials to be submitted on every HTTP request in compliance with the common HTTP 'basic access authentication' standard. This requires an 'Authorization' header property to be added to the request where the value is a base64-encoding of the username and password (separated by a colon) and prefixed with the keyword 'Basic' (separated by a space).