Signagelive employs robust authentication and authorisation procedures for all APIs, utilising JSON Web Tokens (JWT). The authentication and authorisation process verifies the following:
The token originates from a known issuer.
The token has not been tampered with.
The token is intended for the audience (API) being requested.
The token is associated with the network from which data is being requested.
The network is enabled.
The user or application possesses access to the network.
The claims within the token correspond to the requested endpoint.
The token is being used within a valid timeframe (i.e., it has not expired).
Screenshots are served directly from Amazon S3 using pre-signed URLs that expire after 60 seconds, ensuring secure and temporary access.
Signagelive's APIs do not provide access to credentials. Therefore, credentials cannot be exposed or viewed within the User Interface and can only be updated, for example, when usernames or passwords are changed.
Credentials are exclusively accessible by synchronisation workers. These workers decrypt the credentials to inject them into website login controls. This data does not persist during the process, and any memory used is cleared immediately after use.
Access requests on the media player for synchronised data from the WidgetSDK are thoroughly validated to ensure that the widget can access the specific data object.