API security

This section describes security mechanisms used to protect the integration between you and us.


All endpoints require the HTTP Authorization header, which are to include an access token. In the authentication guide you can read about how to set this up and get access to our system. The authentication builds on OAuth2.0. In order to use our products you are required to follow the steps described in the guide.

We do not require any additional security mechanism other than the authentication. However, we highly recommend to also set up either mutual TLS or IP whitelisting. To get advice, or enable any of the mentioned security mechanisms, reach out to us.

Mutual TLS

We offer the possibility to enable mutual TLS (mTLS) between you as a client, and us as a server, in addition to the required authentication. This means that you as a client will trust our server certificate and our server will require your client certificate.

IP whitelisting

We offer the possibility to enable IP whitelisting on top of the mandatory authentication. We configure our servers to only allow requests from your IP addresses.

What’s Next