The Ostendo API key is very sensitive information and needs to be properly secured, as it gives anyone who has it the ability to access your Ostendo database.
Security Certificate (SSL)
We strongly recommend SSL when using the Ostendo API to link Ostendo externally over the internet to applications such as Ostendo Freeway in the field or E-Commerce web stores over the web. This encrypts data transactions between the system and mobile devices to prevent unauthorised access of data in transmission. Only valid and current security certificates signed by a trusted Certifying Authority (CA) can be used with Ostendo Freeway. Self-signed security certificates are not secure enough and will not work with Ostendo Freeway.
SSL is not required when using the Ostendo API to link Ostendo internally over a wi-fi network for applications such as Ostendo Freeway for warehouse management, quality management or shop floor data collection.
Web Link API Security
When linking to another application over the web, such as an E-Commerce web store, the API key should never be published or exposed in any web link connection string, as this is a major security vulnerability. Instead, use a standard method such as storing the API key in a third-party file, such as key.js, and calling it from there. The connection string may then show as https://ibisbis.com.au/key.js.
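One way to check a published web store page for the exposure described above, as an added example that is not Ostendo or Ibis code: it lists every link URL that carries the API key in plain, percent-encoded or base64 form. The key value, the store.example URLs, the apikey and k parameter names and the function names are constructed for illustration.

```javascript
// Added example (not Ostendo or Ibis code): audit published markup for an API key in link URLs.
const SAMPLE_KEY = 'EXAMPLE/KEY+0123'; // constructed placeholder, not a real key

// Constructed sample page: one key.js reference, two leaking links, one clean link.
const SAMPLE_HTML = `
<script src="https://ibisbis.com.au/key.js"></script>
<a href="https://store.example/orders?apikey=${encodeURIComponent(SAMPLE_KEY)}">Orders</a>
<form action='https://store.example/submit?k=${Buffer.from(SAMPLE_KEY).toString('base64')}'></form>
<a href="https://store.example/catalogue">Catalogue</a>`;

// Collect the values of href, src and action attributes.
function extractLinks(html) {
  const re = /\b(?:href|src|action)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  const links = [];
  let m;
  while ((m = re.exec(html)) !== null) links.push(m[1] !== undefined ? m[1] : m[2]);
  return links;
}

// Forms in which the key could be embedded in a URL.
function keyVariants(key) {
  const b64 = Buffer.from(key, 'utf8').toString('base64');
  const b64url = b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [key, encodeURIComponent(key), b64, b64url];
}

// Return every link whose raw or percent-decoded form contains the key.
function findExposedLinks(html, key) {
  const variants = keyVariants(key);
  return extractLinks(html).filter((link) => {
    let decoded = link;
    try { decoded = decodeURIComponent(link); } catch (e) { /* malformed escape */ }
    return variants.some((v) => link.includes(v) || decoded.includes(v));
  });
}

console.log(findExposedLinks(SAMPLE_HTML, SAMPLE_KEY));
```

Run it with Node.js against the saved HTML of each published page, passing the real key from a secured location rather than hard-coding it.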
Ostendo User Security
It is important to properly secure the API key in ‘User Security & Options’ so that only users who should have access to the API Key can access it. This involves being careful about who is set up as an Administrator user, as they automatically have access to all system settings including the API Key.
We recommend the following:
Secure the ADMIN user with a secure password. Do not allow users to log in as this user.
Only users who should be able to access the API Key should be given access to the API module.
Users should be set up as a Normal User and given the access they require, which could include all modules except for the API module.
Do not set up any user as an Administrator User unless they are allowed access to all system settings including the API Key. Existing Administrator Users should be reviewed and set up again if they should not have access to the API Key. Contact us for a simple way of doing this and preserving a user’s screen layout.
Ibis Business Intelligence Solutions
Website: www.ibisbis.com | Email: info@ibisbis.com
Australia: 1800 427 424 | New Zealand: 0800 427 424