Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Security

We take the security of our HTTP API seriously to ensure the protection of your data and operations.

Secure Communication

All API communications are secured using Transport Layer Security (TLS) to safeguard data in transit. We enforce TLS to prevent eavesdropping and tampering by third parties. Ensure that your HTTP client supports the latest TLS versions (TLS 1.2 or higher) and is updated regularly to stay protected against known vulnerabilities.

Authentication

Access to the API requires authentication through a dedicated API account. Each account is issued a pair of credentials, consisting of an API ID (similar to a username) and a secret key. It is crucial that the secret key remains confidential and is not exposed to unauthorized individuals or systems. We recommend storing the secret key securely, to avoid unintentional exposure. Never embed credentials directly in client-side code or public repositories.

These credentials must be included in each API request using the HTTP Basic Authentication scheme.

Authorization

Each API account is restricted to a specific set of functionalities and access to TandemDrive administrations. It’s recommended to setup your API accounts with the minimum necessary privileges to fulfill their designated tasks.

Server-to-Server Interaction

Our APIs are designed for server-to-server communication. It is recommended that API access is limited to trusted back-end systems and services. Avoid making direct API requests from client-facing applications like web browsers or mobile apps.

Incident Response and Vulnerability Reporting

If you suspect that your API key has been compromised or if there is any uncertainty about its security, contact us immediately. Quick action can help mitigate potential risks. For security incidents, vulnerability reports, or any concerns related to the security of the API, please reach out to our security team at security@tandemdrive.com.

By adhering to these practices, you can help maintain the integrity and security of your integration with our API.