Public API Security
This topic describes security considerations for using the Public API.
POA lets you control the following security aspects of the Public API:
- The protocol used as transport for XML-RPC communication.
  - SSL is disabled. In this case, plain HTTP is used as the transport protocol. The content of XML-RPC requests and responses is transmitted over the network in unencrypted form.
  - SSL is enabled. In this case, HTTP over SSL is used as the transport protocol. The content of XML-RPC requests and responses is transmitted over the network in encrypted form.
- Authentication mode.
  - HTTP Authentication is disabled. In this case, an XML-RPC client can call the Public API methods listed in this reference without providing POA credentials.
  - HTTP Authentication is enabled. In this case, the XML-RPC client must provide a POA Account Staff Member's login and password to pass authentication. If a Provider Account Staff Member's login and password are provided, the XML-RPC client can call the Public API methods listed in this reference. If a Reseller Account Staff Member's login and password are provided, the XML-RPC client can call only a limited set of Public API methods (a method that a Reseller is allowed to use is marked "this method can also be called under Reseller permissions" in the method's description).
- Networks from which access to the Public API is allowed.
  - Accept connections from everywhere. In this case, XML-RPC clients from any network can call Public API methods.
  - Accept connections only from allowed networks. In this case, only XML-RPC clients from allowed networks (or IP addresses) can call Public API methods.
Note: Complete information on how to configure Public API security is provided in the Provider's Guide, in the Configuring POA Public API section.
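The transport and authentication settings above interact: with SSL disabled and HTTP Authentication enabled, the staff member's login and password cross the network in unencrypted form. The following client-side guard is an added example, not code from POA or its documentation; it refuses to attach credentials unless the endpoint is HTTPS with certificate verification. The host name, credentials and function names are constructed placeholders, and HTTP Basic authentication is an assumption about the scheme the server expects.

```python
import base64
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def client_options(url, login=None, password=None, cafile=None):
    """Build ServerProxy keyword arguments for the chosen security settings.

    Raises ValueError instead of letting a login and password travel over
    plain HTTP, where the request content is unencrypted.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if parts.username or parts.password:
        raise ValueError("pass credentials as arguments, not inside the URL")

    options = {}
    if parts.scheme == "https":
        # Default context verifies the certificate chain and the host name.
        options["context"] = ssl.create_default_context(cafile=cafile)
    if login is not None:
        if parts.scheme != "https":
            raise ValueError("refusing to send credentials without SSL")
        token = base64.b64encode(f"{login}:{password}".encode("utf-8"))
        # Assumption: the server expects HTTP Basic authentication.
        options["headers"] = [("Authorization", "Basic " + token.decode("ascii"))]
    return options


def public_api_client(url, login=None, password=None, cafile=None):
    """Return an xmlrpc.client.ServerProxy configured by client_options()."""
    return xmlrpc.client.ServerProxy(
        url, **client_options(url, login, password, cafile))


if __name__ == "__main__":
    # Constructed placeholder endpoint and credentials; no request is sent.
    proxy = public_api_client("https://poa.example.test/", "admin", "s3cret")
    print("client ready:", type(proxy).__name__)
```

The `headers` and `context` arguments of `ServerProxy` require Python 3.8 or later.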