Security

Secure access

Where at all possible you should use secure connections when using the API, particularly when usernames and passwords (or tokens) are being communicated across the internet or when messages contain sensitive information.

SSL or TLS can be used with  and  APIs to secure access to our services. Similarly VPN connections can be put in place for this purpose.

Message confidentiality

While SMS is a suitable means for communicating some sensitive information, it is not suitable for messages that absolutely must not be visible to parties that may lie between your application and the intended recipient. Where strong end-to-end encryption of messages is used then SMS should be fine, albeit IP may be a more suitable transport than SMS.

Recommendations

For the HTTP protocol always use HTTPS with the HTTP (simple) and HTTP (sophisticated) APIs.

For SMTP (simple)SMTP (sophisticated) and non-TLS protected SMPP APIs we recommend the use of VPN connections. Contact Support or your Account Manager if you wish to have a VPN connection set-up.