IP Whitelisting
IP whitelisting is a security feature often used for limiting and controlling access only to trusted users. For our UAT and Production environments, we use IP whitelisting to create lists of trusted IP addresses or IP ranges from which your applications can securely access our APIs.
We allow only selected IP addresses to access our application over the internet. Hence as a consumer, it may be required to whitelist all the IP addresses that the consumer would be consuming the application from. This step is a prerequisite setup for successful connectivity.
Encryption
All communications with our APIs are encrypted. The API to be invoked accepts the encrypted request body that is encrypted using an encryption algorithm. The encryption key will be provided and will be different for each consumer.
Client Keys
All APIs require a Client id and secret Key that is generated as a part of the HTTP Header.
HTTPS and two-way SSL
i3MS Developer portal provides 2-Way SSL out of the box for a secure and reliable developer and live experience.
Mutual SSL or two-way SSL refers to both client and server authenticating each other at the same time. Which provides higher security compared to 1-way SSL in which only the client authenticates the server.
All consumers will be needed to invoke the application over HTTPS protocol. We also have a two-way SSL established. This means that we would be validating the consumer certificate. Hence, the consumer must have a certificate (which may be self-signed or a valid certificate from a CA) and the same is shared with us as a pre-requisite.