{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-country-apis-catalog/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Security Best Practices"},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"__idx":0,"id":"security-best-practices"},"children":["Security Best Practices"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Understanding security and network requirements is essential for successfully integrating with the Creditsafe Connect API. This page covers network access configuration and key security considerations."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"__idx":1,"id":"network-access--ip-whitelisting"},"children":["Network Access & IP Whitelisting"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Important:"]}," Creditsafe Connect is a cloud-based service and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["IP whitelisting is not supported or recommended"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Due to the distributed nature of cloud infrastructure, IP addresses can change dynamically, making IP-based whitelisting unreliable and potentially disruptive to your integration."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"__idx":2,"id":"required-network-configuration"},"children":["Required Network Configuration"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If you need to restrict outbound access to Connect from your environment, use the following 
configuration:"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Configuration"},"children":["Configuration"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Value"},"children":["Value"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Protocol"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["HTTPS"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Port"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["443"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["DNS Address"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["connect.creditsafe.com"]}]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"__idx":3,"id":"why-dns-based-restrictions-are-preferred"},"children":["Why DNS-Based Restrictions Are Preferred"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reliability"]},": DNS remains constant even when underlying infrastructure 
changes"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Flexibility"]},": Allows Creditsafe to scale and optimize infrastructure without impacting your integration"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Security"]},": HTTPS (port 443) ensures encrypted communication, and certificate validation confirms the server's identity whichever IP address the hostname resolves to"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Maintainability"]},": No need to update firewall rules when cloud infrastructure evolves"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"__idx":4,"id":"key-security-requirements"},"children":["Key Security Requirements"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"__idx":5,"id":"authentication"},"children":["Authentication"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use JWT token-based authentication"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Tokens expire after 1 hour and must be refreshed"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Store credentials securely using environment variables or secret managers"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Never hardcode credentials in your application"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For detailed authentication implementation, see the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/country-apis-catalog/product-catalog/se/authenticate"},"children":["Authentication"]}," documentation."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"__idx":6,"id":"communication-security"},"children":["Communication 
Security"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Always use HTTPS"]}," - Never make API calls over unencrypted HTTP"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["TLS 1.2 or higher"]}," - Ensure your client supports modern TLS versions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Validate SSL certificates"]}," - Do not disable certificate validation"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["No certificate pinning"]}," - Due to cloud infrastructure, certificate pinning is not recommended; rely on standard certificate chain validation instead"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"__idx":7,"id":"data-handling"},"children":["Data Handling"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Only request and store the data you need (data minimization principle)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Encrypt any cached API responses"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Comply with GDPR, CCPA, and other applicable data protection regulations"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Never log credentials, tokens, or sensitive personal data"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"__idx":8,"id":"rate-limiting"},"children":["Rate Limiting"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Respect API rate limits and implement proper retry logic"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use exponential backoff when encountering rate limit 
errors"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Cache responses appropriately to reduce unnecessary API calls"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For detailed rate limiting information, see the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/country-apis-catalog/information/ratelimiting"},"children":["Rate Limiting"]}," documentation."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"__idx":9,"id":"production-deployment-checklist"},"children":["Production Deployment Checklist"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before deploying to production, ensure you have:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["✅ Configured firewall to allow HTTPS traffic to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["connect.creditsafe.com"]}," on port 443"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["✅ Implemented secure credential storage (no hardcoded credentials)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["✅ Set up automatic token refresh before 1-hour expiry"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["✅ Enabled HTTPS certificate validation"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["✅ Implemented proper error handling and retry logic"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["✅ Configured monitoring for authentication failures and unusual activity"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["✅ Verified compliance with data protection regulations"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"__idx":10,"id":"security-monitoring"},"children":["Security Monitoring"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Monitor your integration 
for:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Authentication failures and unusual patterns"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Rate limit violations"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["API errors and exceptions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Token refresh failures"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"__idx":11,"id":"reporting-security-concerns"},"children":["Reporting Security Concerns"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If you suspect a security incident or have security-related questions:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Immediately rotate your API credentials"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Contact your Creditsafe account manager"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Review access logs for potential unauthorized activity"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For general feedback and support, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/connect-apis-catalog/information/feedback"},"children":["Providing Feedback"]},"."]}]},"headings":[{"value":"Security Best Practices","id":"security-best-practices","depth":1},{"value":"Network Access & IP Whitelisting","id":"network-access--ip-whitelisting","depth":2},{"value":"Required Network Configuration","id":"required-network-configuration","depth":3},{"value":"Why DNS-Based Restrictions Are Preferred","id":"why-dns-based-restrictions-are-preferred","depth":3},{"value":"Key Security Requirements","id":"key-security-requirements","depth":2},{"value":"Authentication","id":"authentication","depth":3},{"value":"Communication Security","id":"communication-security","depth":3},{"value":"Data 
Handling","id":"data-handling","depth":3},{"value":"Rate Limiting","id":"rate-limiting","depth":3},{"value":"Production Deployment Checklist","id":"production-deployment-checklist","depth":2},{"value":"Security Monitoring","id":"security-monitoring","depth":2},{"value":"Reporting Security Concerns","id":"reporting-security-concerns","depth":2}],"frontmatter":{"seo":{"title":"Security Best Practices"}},"lastModified":"2026-04-28T11:14:53.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/country-apis-catalog/information/security_se","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}