Skip to main content

Transport Encryption

Overview

The connection between the client applications and the API is secured with TLS/SSL.

It is recommended that the URL domain is compatible for both testing and production to ensure that during the testing stage, notification configuration meets RPP requirements.

info

Our APIs only support TLS 1.2

API Security Header

All incoming requests via API must include the following parameters in the HTTP header.

ParameterValue
Content-Security-Policyscript-src 'self' ajax.cloudflare.com
Strict-Transport-Securitymax-age=1000
X-Xss-Protection1; mode=block
X-Frame-OptionsDENY
X-Content-Type-Optionsnosniff
Referrer-Policystrict-origin-when-cross-origin
Custom-HeaderSuccess