API security

API access is protected by two layers:

  1. IP source filtering (optional)

  2. Authentication (mandatory)

IP source filtering

API access can be restricted to requests sent from specified IP addresses. This adds a security layer in front of the API. To restrict the public IPs allowed to access the search API, you must send the list to your Service Account Manager.


IMPORTANT NOTE If you don’t specify a list of public IP addresses to restrict access to the search API, it will be accessible from the whole Internet. This is not a security problem because the API will not process requests that are not successfully authenticated with the right credentials.

Authentication

The search API will ignore any request that is not successfully authenticated. Requests must include the standard platform authentication headers detailed below. The client sends an Authorization header carrying the credentials encoded in Base64:

Authorization: Basic <Base64-encoded credentials>

Example: for the credentials username:password, the header would be:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

The search API validates the credentials on every request; if they are not valid, the request is rejected and not processed.


IMPORTANT NOTE While platform authentication is simple and easy to implement, it is inherently insecure unless combined with HTTPS. HTTPS ensures that the transmitted credentials remain private, secure, and protected from interception, making it essential for any communication involving sensitive information.

If the headers are sent over an unencrypted HTTP connection, anyone intercepting the traffic (e.g., via man-in-the-middle attacks or packet sniffing) can extract and decode the credentials.

You must ensure that requests to the search API are always encrypted over HTTPS.
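The following is an added example, not code from the page's own platform, showing both layers described above end to end: building the Basic Authorization header for username:password (which yields exactly the dXNlcm5hbWU6cGFzc3dvcmQ= value shown), and a server-side check that first refuses non-HTTPS requests, then applies an optional source-IP allowlist, then validates the credentials. The allowlist network (203.0.113.0/24), the credential store and the URL are constructed placeholders, and the status codes and function names are the example's own assumptions.

```python
import base64
import hmac
import ipaddress
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic auth (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_auth(header_value: str):
    """Return (username, password) from an Authorization header, or None if malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, pwd = raw.partition(":")
    if not sep:
        return None
    return user, pwd


# Constructed sample allowlist and credential store (placeholders, not from the page).
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]
CREDENTIALS = {"username": "password"}


def source_allowed(client_ip: str, allowlist=None) -> bool:
    """Layer 1: optional IP source filtering. An empty list means no restriction."""
    nets = ALLOWED_SOURCES if allowlist is None else allowlist
    if not nets:
        return True  # no list configured: reachable from the whole Internet
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)


def credentials_valid(header_value, store=None) -> bool:
    """Layer 2: mandatory authentication with a constant-time password comparison."""
    store = CREDENTIALS if store is None else store
    if header_value is None:
        return False
    parsed = decode_basic_auth(header_value)
    if parsed is None:
        return False
    user, pwd = parsed
    expected = store.get(user)
    if expected is None:
        # Compare against a dummy so timing does not reveal which usernames exist.
        hmac.compare_digest(pwd.encode("utf-8"), b"dummy")
        return False
    return hmac.compare_digest(pwd.encode("utf-8"), expected.encode("utf-8"))


def check_request(url: str, client_ip: str, authorization) -> int:
    """Apply the checks in order and return an HTTP status code (assumed values)."""
    if urlsplit(url).scheme != "https":
        return 403  # credentials would travel in clear text; refuse outright
    if not source_allowed(client_ip):
        return 403  # source IP not on the allowlist
    if not credentials_valid(authorization):
        return 401  # missing, malformed or wrong credentials
    return 200


if __name__ == "__main__":
    hdr = basic_auth_header("username", "password")
    print(hdr)
    print(check_request("https://api.example.test/search", "203.0.113.10", hdr))
```

The order matters: the HTTPS check comes first because a Basic header received over plain HTTP has already been exposed, so the client should never be told those credentials were accepted; the IP filter comes next because it is cheap and rejects traffic before any credential handling.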
