Information submitted through the support site is private but is not hosted within your secure CDD Vault. Please do not include sensitive intellectual property in your support requests.

Security and Access Control

Consistent with CDD’s commitment to data privacy and safety, the CDD API uses a number of industry-standard mechanisms to ensure the security of your data. Described in more detail below, these include the use of secure network protocols, token-based authorization, and adherence to vault and project permission levels.

Secure network protocol

All API calls must be done using HTTP over SSL (Secure Sockets Layer). Sending all API calls via SSL ensures that all information, including the user's token, is sent in encrypted form.

Access Control

API access to data is controlled at several levels. First, a token must be obtained. Tokens are on a per user/account level. The user generated tokens are created with a specific role or set of capabilities. The actual capabilities depend on the token owner’s role relative to the vault(s) being accessed.

Even with a token, data can only be obtained from a vault to which API access has been enabled by the vault administrator. 

At the next level, a user can only obtain data from projects to which they have access. A list of projects a user can access in a particular vault can be determined via an API call.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.