PermID API / Response to security team inquiry

Tatsuo
Tatsuo Newcomer
edited September 29 in Open PermID

Dear Team,
As we begin to utilize the PermID API, our security department has raised the following questions. Could you please advise how we should respond?
"There is a risk that malicious attacks (such as DDoS) on API communications could compromise the security of the environment and lead to malware infection. This contaminated environment could then be accessed by us, posing a risk of damage to our company. What measures does LSEG have in place to counteract such malicious activities on API communications?"
Thank you for your assistance.

Tagged:

Answers

  • Jirapongse
    Jirapongse ✭✭✭✭✭

    @Tatsuo

    Thank you for reaching out to us.

    Typically, the Developer Community Forum is intended for general or how-to questions related to API usage.
    Based on what I know, the following points summarize how API security is generally handled:

    • Strong authentication mechanisms (such as API keys) are used to ensure that only authorized entities can access the APIs.
    • Data in transit is encrypted using TLS/SSL to protect against man-in-the-middle (MITM) attacks.
    • Rate limiting is implemented to control the volume of requests and prevent abuse.

    For more detailed information regarding API security, please contact the product team directly at permid.feedback@lseg.com.

  • Tatsuo
    Tatsuo Newcomer
  • Tatsuo
    Tatsuo Newcomer

    Thank you for your response.