API security

All communication is automatically routed through a secure SSL channel encrypted with a globally trusted certificate. The application accepts connections on unsecured port 80 to improve the user experience but automatically redirects the user to a secure SSL channel.

The following diagram describes the communication schema with the application regarding channel security.

Users are authenticated against the authentication module. Depending on the application configuration, the application supports multiple authentication mechanisms such as OAuth2.0, SAML2.0, and LDAP.

After successful user authentication, the module provides a token that is used for further authorization against REST API services. The token has limited validity that is refreshed with each successful request.

The end-user can invalidate the authentication token manually. The following schema describes the authentication flow within the application.