Consistent with CDD’s commitment to data privacy and safety, the CDD API uses a number of industry-standard mechanisms to ensure the security of your data. Described in more detail below, these include the use of secure network protocols, token-based authorization, and adherence to vault and project permission levels.
Secure network protocol
All API calls must be made using HTTP over SSL (Secure Sockets Layer). Sending all API calls via SSL ensures that all information, including the user's token, is sent in encrypted form.
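A client can enforce this requirement itself, so that a mistyped URL or a redirect never puts the token on the wire in cleartext. The following is an added example, not CDD's own code; the header name `X-CDD-Token` and the host `app.collaborativedrug.com` are assumptions not stated on this page, and the token value is a constructed placeholder.

```python
import urllib.request
from urllib.parse import urlsplit

# Assumptions, not taken from this page: adjust to your account's API settings.
TOKEN_HEADER = "X-CDD-Token"
ALLOWED_HOST = "app.collaborativedrug.com"


class InsecureTransportError(ValueError):
    """Raised when the token would leave over plaintext or to an unexpected host."""


def check_url(url):
    """Accept only https:// URLs on the expected API host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise InsecureTransportError(f"refusing non-HTTPS URL: {url}")
    if parts.hostname != ALLOWED_HOST:
        raise InsecureTransportError(f"refusing unexpected host: {parts.hostname}")
    return url


class StrictRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Apply the same checks to redirect targets, so a 3xx cannot downgrade to HTTP."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_url(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_request(url, token):
    """Build a GET request that carries the token only on the original HTTPS hop."""
    check_url(url)
    if not token:
        raise ValueError("token is required")
    req = urllib.request.Request(url, method="GET")
    # Unredirected headers are not copied onto a follow-up request after a 3xx,
    # so the token is never forwarded automatically; re-issue the call explicitly.
    req.add_unredirected_header(TOKEN_HEADER, token)
    return req


def make_opener():
    """Opener whose redirect handling rejects plaintext or off-host targets."""
    return urllib.request.build_opener(StrictRedirectHandler())
```

Call `make_opener().open(build_request(url, token))` to send the request; certificate verification stays on because `urllib` verifies HTTPS certificates by default.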
API access to data is controlled at several levels. First, a token must be obtained. Tokens are issued at the per-user/account level. User-generated tokens are created with a specific role or set of capabilities. The actual capabilities depend on the token owner’s role relative to the vault(s) being accessed.
Even with a token, data can only be obtained from a vault to which API access has been enabled by the vault administrator.
At the next level, a user can only obtain data from projects to which they have access. A list of projects a user can access in a particular vault can be determined via an API call.