Security
How does Notify create an API that’s maximally safe while being as easy to implement for developers as possible? By not giving in to the reflex of stacking equivalent safety measures and by not sending sensitive information when it’s not required.
Notify uses the API-key as and requires HTTPS connections encrypted via TLS 1.2 (or higher) to guarantee security. This means the Notify API can only be accessed through the secure https protocol. All of the API clients we publish use HTTPS.
End-to-end safety on the transport level is guaranteed by the HTTPS requirement, so there is no need to encrypt the data itself again. We only support TLS 1.2 (or higher). Connection is not possible when using a lower version.
HTTPS mitigates packet sniffing and timing & replay attacks. Thanks to HTTPS, data exchanged between Notify and the client is protected and guaranteed to be authentic. HTTPS implements hashed signatures, nonces and other tried and tested cryptographic safeties.
Man-in-the-middle attacks are prevented by strictly checking the HTTPS-certificate used on https://api.notify.cm/. If the client detects a fake certificate – let’s say because of a hacked DNS-server – no connection will be set up.
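The client-side half of these guarantees, as an added example that is not Notify's own client code: a Python TLS context that verifies the certificate chain and host name and refuses anything below TLS 1.2, next to a misconfigured one and a check that tells them apart. Only the host name comes from this page; the function names are hypothetical.

```python
import http.client
import ssl

NOTIFY_HOST = "api.notify.cm"  # host name taken from this page


def strict_tls_context():
    """Client context: system trust store, host name check, TLS 1.2 floor."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 / 1.1
    return ctx


def lax_context():
    """Constructed counter-example: what a 'just make it connect' fix looks like."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE               # accepts any certificate
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx):
    """Return the ways a context falls short of the policy described above."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not verified")
    if not ctx.check_hostname:
        problems.append("certificate host name is not checked")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        problems.append("protocol versions below TLS 1.2 are allowed")
    return problems


def notify_connection(timeout=10.0):
    """Prepare (but do not open) an HTTPS connection using the strict context.

    On connect, an untrusted or mismatched certificate raises
    ssl.SSLCertVerificationError and the handshake is aborted.
    """
    return http.client.HTTPSConnection(
        NOTIFY_HOST, context=strict_tls_context(), timeout=timeout
    )


if __name__ == "__main__":
    print("strict:", audit_context(strict_tls_context()) or "ok")
    print("lax:   ", audit_context(lax_context()))
```

Running `audit_context` over the context an application actually uses is a cheap regression test against someone disabling verification to work around a certificate error.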
All sensitive information is entered on our platform. No third-party software or databases will be used.