Security of APIs & Integration Interfaces

Digital Robot applies the same layered controls to protect integration interfaces:

  • Transport security: All API traffic is encrypted in transit (HTTPS/TLS 1.2+).
  • Scoped access: API usage is restricted to authorised admin users through role-based access control (RBAC).
  • Key-based authentication: API use requires an API key presented in the Authorization header; keys are managed by an administrator and can be rotated at any time.
  • Secure configuration & hardening: We harden systems and restrict unnecessary services and ports, following recognised industry baselines.
  • Secure development and testing: Our testing aligns with OWASP principles, covering authentication, authorisation, input validation, and other key security areas. We conduct regular external penetration tests and promptly remediate any findings.
  • Patch management: All underlying infrastructure, runtimes, and dependencies are patched under a formal patch management policy and change control process.

We do not provide client-specific customisations such as per-tenant IP allow-lists or custom session policies.
