# Security Best Practices

Understanding security and network requirements is essential for successfully integrating with the Creditsafe Connect API. This page covers network access configuration and key security considerations.

## Network Access & IP Whitelisting

**Important:** Creditsafe Connect is a cloud-based service and **IP whitelisting is not supported or recommended**. Due to the distributed nature of cloud infrastructure, IP addresses can change dynamically, making IP-based whitelisting unreliable and potentially disruptive to your integration.

### Required Network Configuration

If you need to restrict outbound access to Connect from your environment, use the following configuration:

| Configuration | Value |
| --- | --- |
| **Protocol** | HTTPS |
| **Port** | 443 |
| **DNS Address** | `connect.creditsafe.com` |

### Why DNS-Based Restrictions Are Preferred

- **Reliability**: DNS remains constant even when underlying infrastructure changes
- **Flexibility**: Allows Creditsafe to scale and optimize infrastructure without impacting your integration
- **Security**: HTTPS (port 443) ensures encrypted communication
- **Maintainability**: No need to update firewall rules when cloud infrastructure evolves

## Key Security Requirements

### Authentication

- Use JWT token-based authentication
- Tokens expire after 1 hour and must be refreshed
- Store credentials securely using environment variables or secret managers
- Never hardcode credentials in your application

For detailed authentication implementation, see the [Authentication](/connect-apis-catalog/information/authentication) documentation.
### Communication Security

- **Always use HTTPS** - Never make API calls over unencrypted HTTP
- **TLS 1.2 or higher** - Ensure your client supports modern TLS versions
- **Validate SSL certificates** - Do not disable certificate validation
- **No certificate pinning** - Due to cloud infrastructure, certificate pinning is not recommended

### Data Handling

- Only request and store the data you need (data minimization principle)
- Encrypt any cached API responses
- Comply with GDPR, CCPA, and other applicable data protection regulations
- Never log credentials, tokens, or sensitive personal data

### Rate Limiting

- Respect API rate limits and implement proper retry logic
- Use exponential backoff when encountering rate limit errors
- Cache responses appropriately to reduce unnecessary API calls

For detailed rate limiting information, see the [Rate Limiting](/connect-apis-catalog/information/ratelimiting) documentation.

## Production Deployment Checklist

Before deploying to production, ensure you have:

- ✅ Configured firewall to allow HTTPS traffic to `connect.creditsafe.com` on port 443
- ✅ Implemented secure credential storage (no hardcoded credentials)
- ✅ Set up automatic token refresh before 1-hour expiry
- ✅ Enabled HTTPS certificate validation
- ✅ Implemented proper error handling and retry logic
- ✅ Configured monitoring for authentication failures and unusual activity
- ✅ Verified compliance with data protection regulations

## Security Monitoring

Monitor your integration for:

- Authentication failures and unusual patterns
- Rate limit violations
- API errors and exceptions
- Token refresh failures

## Reporting Security Concerns

If you suspect a security incident or have security-related questions:

1. Immediately rotate your API credentials
2. Contact your Creditsafe account manager
3. Review access logs for potential unauthorized activity

For general feedback and support, see [Providing Feedback](/connect-apis-catalog/information/feedback).
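The Authentication, Communication Security and Rate Limiting requirements above, combined in one small client skeleton. This is an added illustration, not Creditsafe's own SDK or code: the transport, token-fetching callable and the 5-minute refresh margin are assumptions, and the only Creditsafe-specific values are the hostname and the 1-hour token lifetime stated on this page.

```python
import ssl
import time
from dataclasses import dataclass
from typing import Callable, Optional

ALLOWED_HOST = "connect.creditsafe.com"  # the only endpoint: HTTPS on port 443
TOKEN_TTL = 3600             # tokens expire after 1 hour
REFRESH_MARGIN = 300         # refresh 5 minutes early (assumed margin, not a Creditsafe value)

def make_tls_context() -> ssl.SSLContext:
    """TLS 1.2 or higher, certificate and hostname validation on, no pinning."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def backoff_delay(attempt: int, base: float = 1.0, cap: float = 60.0) -> float:
    """Exponential backoff for 429 responses: base * 2^attempt, capped."""
    return min(cap, base * 2 ** attempt)

def redact(headers: dict) -> dict:
    """Copy of the request headers that is safe to log: the token never reaches a log line."""
    return {k: "[REDACTED]" if k.lower() == "authorization" else v for k, v in headers.items()}

@dataclass
class ConnectClient:
    fetch_token: Callable[[], str]        # obtains a fresh JWT; credentials come from a secret manager
    send: Callable[[str, dict], int]      # transport returning the HTTP status (injected, assumed)
    clock: Callable[[], float] = time.time
    sleep: Callable[[float], None] = time.sleep
    _token: Optional[str] = None
    _expires_at: float = 0.0

    def token(self) -> str:
        """Refresh the JWT before the 1-hour expiry rather than after a 401."""
        if self._token is None or self.clock() >= self._expires_at - REFRESH_MARGIN:
            self._token = self.fetch_token()
            self._expires_at = self.clock() + TOKEN_TTL
        return self._token

    def get(self, path: str, max_retries: int = 3) -> int:
        url = f"https://{ALLOWED_HOST}{path}"   # never plain HTTP, never another host
        for attempt in range(max_retries + 1):
            headers = {"Authorization": f"Bearer {self.token()}"}
            status = self.send(url, headers)
            if status != 429:
                return status
            self.sleep(backoff_delay(attempt))  # log redact(headers) if needed, never raw headers
        return 429
```

Pair `make_tls_context()` with whatever HTTP library you use for `send`; the token and backoff logic is what the deployment checklist items on token refresh and retry logic refer to.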
## Additional Resources

- [Authentication](/connect-apis-catalog/information/authentication) - JWT token authentication implementation
- [Rate Limiting](/connect-apis-catalog/information/ratelimiting) - Rate limit details and best practices
- [Error Codes](/connect-apis-catalog/information/errorcodes) - Security-related error codes (401, 403, 429)
- [HTTP Methods](/connect-apis-catalog/information/methods) - API methods and their security implications