Jump to content

Security for third party Domain, Hosting and Other Providers


Luis

Recommended Posts

Some (if not most) providers have some sort of security for their API keys which includes whitelisting IP addresses, so no bad actors can access those accounts.

I'm assuming that all data in upmind is encrypted and protected, but it would sill be good if had the ability to lock those APIs by IP.

Considering upmind is a SaaS platform, would it be possible to get a functionality like this?

thanks.

  • Like 1
Link to comment
Share on other sites

7 minutes ago, Seb said:

Screenshot 2022-08-10 at 20.03.20.png

 

Yes, but it's not that exactly.

For example, the following is a screenshot from namesilo, when you create an api key, you can lock that key usage by IP. There are also some other providers (like resellerclub) that makes this mandatory

 

image.thumb.png.23de4af3d07d3ac21ff2325996e799cf.png

 

Are the IP addresses we add as an A record to the domain, the IP's from where the provisioning requests are coming from?

Edited by Luis
  • Like 1
Link to comment
Share on other sites

Just to add a little more info about this.

I see you released a resellerclub integration already (amazing rate of releases!)

image.thumb.png.68eb217194c110a6683170b10505bcaf.png

 

Now, it asks for an API key, which I already have. But my API console requires me to whitelist the IP addreses from where API calls will be made, and doesn't allow me to save without one.

 

image.thumb.png.f2dc2b81a8402626fdfbf87c8b2f6d20.png

 

Are there some fixed IP addreses we can use for these cases?

 

Thanks!

 

  • Like 1
Link to comment
Share on other sites

Ah ok - so something to clarify

*Everything* that happens in Upmind is an API call. We're API first, so the entire admin area and client area is just you interfacing with our API

If you lock down the IP restriction you therefore lock down both the admin area, and any API calls

We will be changing the API setup and making API tokens, and those we will allow to be individually locked down to IPs also.

  • Like 1
Link to comment
Share on other sites

5 hours ago, Seb said:

Ah ok - so something to clarify

*Everything* that happens in Upmind is an API call. We're API first, so the entire admin area and client area is just you interfacing with our API

If you lock down the IP restriction you therefore lock down both the admin area, and any API calls

We will be changing the API setup and making API tokens, and those we will allow to be individually locked down to IPs also.

Thank you, I understand more now.

Sorry for the trouble.

Link to comment
Share on other sites

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...