Security
The Virtual Incentives REST API utilizes a combination of Authorization, Authentication, and Encryption to secure its endpoints. Only pre-approved and qualified partners are permitted access to the REST API.
Authorization
The client must provide their IP address(es) from which the Virtual Incentives REST API will be accessed. If the client subsequently changes their IP address(es) from which it accesses the web service, the connection will be refused with a 403.6 error. Please notify Virtual Incentives at [email protected] in advance of changing your sending IP address(es).
Multiple IP addresses are supported.
Authentication
Each client will be provided with a unique Username and Password that must be specified with each request. The REST API utilizes Basic Authentication over SSL.
Encryption
Any attempts to access the API without SSL will result in a 403.4 error.
Cloud Services
The Virtual Incentives Rest API is already compatible with some Cloud services. There are options available for each service to use the REST API, while still adhering to the whitelisting restriction.
Amazon AWS
-
AWS Elastic IP Addresses: Amazon offers the use of Elastic IP addresses, which are static public IP addresses that can be assigned to EC2 or similar instances. The client can add an Elastic IP to any instance that will be making a call to the REST API and provide these addresses for whitelisting.
Resource: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
-
AWS NAT Gateway/Instance: AWS allows you specify a NAT Gateway or NAT Instance. This functionality allows a private subnet access to the internet through a single Elastic IP Address.
Resource: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-in-vpc.html
Microsoft Azure
Azure Private IP Addresses: Microsoft Azure offers the use of private IP addresses, which are static public IP addresses that can be assigned to a virtual machine. The client can set a private IP to be static after creating a VM that will be making a call to the REST API and provide these addresses for whitelisting.
Google Cloud
-
Static IP Addresses: Google cloud offers the use of static external IP addresses that can be assigned to a new VM instance. The client can reserve a new static external IP address and then assign the address to a new VM instance that will be making a call to the REST API and provide these addresses for whitelisting.
Resource: https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address
-
Cloud NAT Gateway/Instance: Google Cloud allows you to specify a NAT Gateway or NAT Instance. This functionality allows instances without external IP addresses and private Google Kubernetes Engine (GKE) clusters to connect to the internet.
Updated over 5 years ago