All APIs are protected by strong authentication and authorization procedures utilizing JWT tokens, the
authentication and authorization process checks:
- The token is from a known issuer
- The token has not been tampered with
- The token is for the audience (API) being requested
- The token is for the network where data is being requested from
- The network is enabled
- The user/application has access to the network
- The claims in the token match the endpoint being requested
- The token is being used within a valid time frame i.e. it is not expired
Screenshots are served directly from S3 using pre-signed URLs that expire after 60 seconds.
Credentials are not accessible via our APIs, therefore, cannot be exposed or viewed in the User
Interface can only be updated for example when user names or passwords are changed.
Credentials are only accessible by the synchronisation workers which will need to decrypt them so they
can be injected into the website's login controls. This data is not persisted during the process and
memory used is cleared after use.
Access requests on the media player to synchronised data from the WidgetSDK are validated to
ensure that the widget is permitted to access that data object.