OPNX offers both REST and WebSocket APIs, specifically designed for ultra-low latency and secure connections. We prioritize security and have implemented various measures to ensure the integrity and confidentiality of our API endpoints.
Authentication and Authorization
We utilize JWT tokens as a reliable and efficient method for handling user authentication and authorization. Key security measures include:
Token Expiration: Our JWT tokens have a short lifespan to minimize risks associated with token theft or unauthorized access.
HTTPS: We enforce the use of HTTPS to encrypt data transmitted between clients and our API servers, protecting sensitive information.
Token Storage: Tokens are transmitted in HTTP headers and securely stored in browser storage, preventing XSS attacks that target cookie-based tokens.
Validation and Auditing: We employ stringent validation processes to ensure incoming JWT tokens are properly formed, signed, and not expired.
Secure Communication
We use SSL/TLS-based connections (HTTPS) to establish confidential, tamper-resistant communication between our customers' endpoints and API servers, protecting users from 'man-in-the-middle' attacks and tampered connections.
Rate Limiting
Our API features rate limiting controls to protect against brute-force attacks, denial-of-service attacks, and other malicious activities. This ensures the availability and integrity of our API while mitigating risks associated with excessive requests.
Isolated Environment
Our API server endpoints operate in a dedicated, isolated environment, ensuring proper segregation of customer data and transactions from other business processes.
Multi-Layered Security
We have developed a multi-layered API security approach, which encompasses network, host, and cloud layers. This includes deploying security defense mechanisms such as WAFs, Network Firewalls, and EDRs.
Security Audits and Vulnerability Assessments
As part of our ongoing security improvement efforts, we conduct regular security audits and vulnerability assessments to identify potential risks and vulnerabilities within our API infrastructure.
Logging and Monitoring
We have implemented comprehensive logging and monitoring systems for our API infrastructure to track usage, detect potential security incidents, and provide valuable insights into suspicious activities. We regularly review logs to ensure prompt detection and response to security threats.
By adopting these security measures and maintaining a strong security posture, OPNX ensures a secure and reliable API experience for our users.