There are four areas where security can be established when using the API:
- XData User: When you integrate using the XData API, it is recommended that you create a separate Act! user profile for it to use to connect to the Act! database. Just like any other Act! user, you can implement user access/security settings. Note that the permissions you set here apply to any application that uses the XData API. The username and password assigned to the XData user are stored on the server and are encrypted; the encryption is handled by XData. At no stage is any other user’s username and password required.
- XData Keys: When you integrate using the XData API, you can generate any number of keys, and each key can have different permissions. Here, it would be the responsibility of the business to generate the keys and determine which permissions should be implemented. The keys are generated using an admin console which resides on the same server as XData, so it would be wise for the business to also control who can access the server. The keys can also be revoked at any time, which would prevent any application using that key from running.
- Via the 3rd party integration or custom development: If you are linking to a 3rd party application, you may be able to utilise some of its security settings. If you are building a custom application, you could work with your developer to build the required security features into it.
- On the server where XData resides: Security features available on your server include the ability to restrict calls from certain IP addresses and to restrict calls to HTTPS only.
For more information on security, email email@example.com.