Transport Encryption
Overview
The connection between the client applications and the API is secured with TLS/SSL.
It is recommended that the URL domain is compatible for both testing and production to ensure that during the testing stage, notification configuration meets RPP requirements.
info
Our APIs only support TLS 1.2
API Security Header
All incoming requests via API must include the following parameters in the HTTP header.
| Parameter | Value |
|---|---|
| Content-Security-Policy | script-src 'self' ajax.cloudflare.com |
| Strict-Transport-Security | max-age=1000 |
| X-Xss-Protection | 1; mode=block |
| X-Frame-Options | DENY |
| X-Content-Type-Options | nosniff |
| Referrer-Policy | strict-origin-when-cross-origin |
| Custom-Header | Success |