PermID API / Response to security team inquiry

Tatsuo

Dear Team,
As we begin to utilize the PermID API, our security department has raised the following questions. Could you please advise how we should respond?
"There is a risk that malicious attacks (such as DDoS) on API communications could compromise the security of the environment and lead to malware infection. This contaminated environment could then be accessed by us, posing a risk of damage to our company. What measures does LSEG have in place to counteract such malicious activities on API communications?"
Thank you for your assistance.

Jirapongse

@Tatsuo

Thank you for reaching out to us.

Typically, the Developer Community Forum is intended for general or how-to questions related to API usage.
Based on what I know, the following points summarize how API security is generally handled:

• Strong authentication mechanisms (such as API keys) are used to ensure that only authorized entities can access the APIs.
• Data in transit is encrypted using TLS/SSL to protect against man-in-the-middle (MITM) attacks.
• Rate limiting is implemented to control the volume of requests and prevent abuse.

For more detailed information regarding API security, please contact the product team directly at permid.feedback@lseg.com.

Tatsuo

Tatsuo

Thank you for your response.