API Security

Authentication and Authorization

For authentication, we rely on static bearer tokens. These tokens are only used during the authentication process.

The static token is used when requesting an access token. Access tokens are standard signed OAuth 2.0 JWTs, and they contain the access rights of the user requesting access.

To receive a JWT, send the static bearer token together with your email and password to our Authorization endpoint, using the Basic Authentication scheme. JWTs expire after 30 minutes.
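
A client-side sketch of working with the 30-minute expiry, added here as an example and not code from this API or its documentation: it caches the JWT and re-authenticates shortly before the `exp` claim, so the static bearer token, email and password are only sent when a new JWT is needed. `fetch_token` is a hypothetical callable standing in for the request to the Authorization endpoint (its URL and header layout are not given on this page), and the sample token is constructed.

```python
import base64
import json
import time


def jwt_expiry(token: str) -> int:
    """Read the exp claim (Unix seconds) from a JWT without verifying it.

    The client only uses this to schedule a refresh; signature
    verification is the API's job, not the client's.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    exp = json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("JWT has no numeric exp claim")
    return int(exp)


class AccessTokenCache:
    """Holds the current JWT and re-authenticates shortly before it expires."""

    def __init__(self, fetch_token, skew_seconds=60, clock=time.time):
        self._fetch = fetch_token  # hypothetical: performs the auth request
        self._skew = skew_seconds  # refresh this many seconds before exp
        self._clock = clock        # injectable so expiry can be tested offline
        self._token = None
        self._exp = 0

    def get(self) -> str:
        if self._token is None or self._clock() >= self._exp - self._skew:
            token = self._fetch()
            self._exp = jwt_expiry(token)  # raises on a malformed response
            self._token = token
        return self._token


def make_sample_jwt(exp: int) -> str:
    """Constructed sample token (placeholder signature) for offline runs."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"sub": "user@example.com", "exp": exp}
    return f"{enc(header)}.{enc(claims)}.c2ln"
```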

Web Application Firewall

We use a Web Application Firewall configured to OWASP standards to protect against attacks such as SQL injection, DDoS and XSS.

Our WAF logs are under continuous security monitoring 365 days per year, using a dedicated Managed Detection & Response service.

