Understanding security and network requirements is essential for successfully integrating with the Creditsafe Connect API. This page covers network access configuration and key security considerations.
Important: Creditsafe Connect is a cloud-based service and IP whitelisting is not supported or recommended.
Due to the distributed nature of cloud infrastructure, IP addresses can change dynamically, making IP-based whitelisting unreliable and potentially disruptive to your integration.
If you need to restrict outbound access to Connect from your environment, use the following configuration:
| Configuration | Value |
|---|---|
| Protocol | HTTPS |
| Port | 443 |
| DNS Address | connect.creditsafe.com |
- Reliability: DNS remains constant even when underlying infrastructure changes
- Flexibility: Allows Creditsafe to scale and optimize infrastructure without impacting your integration
- Security: HTTPS (port 443) ensures encrypted communication
- Maintainability: No need to update firewall rules when cloud infrastructure evolves
- Use JWT token-based authentication
- Tokens expire after 1 hour and must be refreshed
- Store credentials securely using environment variables or secret managers
- Never hardcode credentials in your application
For detailed authentication implementation, see the Authentication documentation.
- Always use HTTPS - Never make API calls over unencrypted HTTP
- TLS 1.2 or higher - Ensure your client supports modern TLS versions
- Validate SSL certificates - Do not disable certificate validation
- No certificate pinning - Due to cloud infrastructure, certificate pinning is not recommended
- Only request and store the data you need (data minimization principle)
- Encrypt any cached API responses
- Comply with GDPR, CCPA, and other applicable data protection regulations
- Never log credentials, tokens, or sensitive personal data
- Respect API rate limits and implement proper retry logic
- Use exponential backoff when encountering rate limit errors
- Cache responses appropriately to reduce unnecessary API calls
For detailed rate limiting information, see the Rate Limiting documentation.
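The token expiry, TLS and rate-limit points above combined into one client-side sketch. This is an added example, not Creditsafe's own code: `fetch_token` and `send` are hypothetical callables standing in for your login and request code, and the 5-minute refresh margin and retry counts are assumptions.

```python
import random
import ssl
import time

TOKEN_LIFETIME_S = 3600  # from the page: tokens expire after 1 hour
REFRESH_MARGIN_S = 300   # assumption: renew 5 minutes before expiry

def make_tls_context():
    """Validating context (system trust store, no pinning) that refuses TLS < 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

class TokenCache:
    """Keeps the JWT in memory only and renews it before the 1-hour expiry."""

    def __init__(self, fetch_token, clock=time.monotonic):
        self._fetch = fetch_token  # hypothetical: performs the authentication call
        self._clock = clock
        self._token = None
        self._obtained = 0.0

    def get(self, force=False):
        age = self._clock() - self._obtained
        if force or self._token is None or age >= TOKEN_LIFETIME_S - REFRESH_MARGIN_S:
            self._token = self._fetch()
            self._obtained = self._clock()
        return self._token

def call_with_retry(send, tokens, max_attempts=5, base_delay=1.0, sleep=time.sleep):
    """send(token) -> (status, body). Backs off on 429; on 401 refreshes the token once."""
    refreshed = False
    for attempt in range(max_attempts):
        status, body = send(tokens.get())
        if status == 401 and not refreshed:
            tokens.get(force=True)  # token rejected: fetch a new one, retry once
            refreshed = True
            continue
        if status == 429 and attempt < max_attempts - 1:
            # exponential backoff with jitter: about 1s, 2s, 4s, ...
            sleep(base_delay * 2 ** attempt + random.uniform(0, base_delay))
            continue
        return status, body
    return status, body
```

Pass the context from `make_tls_context()` to whichever HTTP client issues the requests, and keep token values out of any logging inside `send`.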
Before deploying to production, ensure you have:
- ✅ Configured firewall to allow HTTPS traffic to connect.creditsafe.com on port 443
- ✅ Implemented secure credential storage (no hardcoded credentials)
- ✅ Set up automatic token refresh before 1-hour expiry
- ✅ Enabled HTTPS certificate validation
- ✅ Implemented proper error handling and retry logic
- ✅ Configured monitoring for authentication failures and unusual activity
- ✅ Verified compliance with data protection regulations
Monitor your integration for:
- Authentication failures and unusual patterns
- Rate limit violations
- API errors and exceptions
- Token refresh failures
If you suspect a security incident or have security-related questions:
- Immediately rotate your API credentials
- Contact your Creditsafe account manager
- Review access logs for potential unauthorized activity
For general feedback and support, see Providing Feedback.
- Authentication - JWT token authentication implementation
- Rate Limiting - Rate limit details and best practices
- Error Codes - Security-related error codes (401, 403, 429)
- HTTP Methods - API methods and their security implications