Security

Secure access

Where at all possible you should use secure connections when using the API, particularly when usernames and passwords (or tokens) are being communicated across the internet or when messages contain sensitive information.

SSL or TLS can be used with HTTP (simple) and HTTP (sophisticated) APIs to secure access to our services. Similarly VPN connections can be put in place for this purpose.

Message confidentiality

While SMS is a suitable means for communicating some sensitive information, it is not suitable for messages that absolutely must not be visible to parties that may lie between your application and the intended recipient. Where strong end-to-end encryption of SMS message content is used then SMS has as good message confidentiality as any other transport, albeit where available IP may be a more suitable than SMS.

Recommendations

For the HTTP protocol always use HTTPS with the HTTP (simple) and HTTP (sophisticated) APIs.

For SMTP (simple), SMTP (sophisticated) and non-TLS protected SMPP APIs we recommend the use of VPN connections. Contact Support or your Account Manager if you wish to have a VPN connection set-up.