Syniverse CPaaS platform, makes it available API services that needs to be secured due to the nature of its accessibility. For the specific case of SCG API, we support multiple security options that provides secure access and delivery of services and the related data.
The security options are implemented following industry standard access protocols and encryption methods that are easily implemented enabling the enterprise application integrators and developers to achieve secure access to the SCG API and secure encrypted data transfers.
This document provides an overview of SCG security measures and encryption options available out of the box, on SCG API .
SCG API Network Connectivity/Security
Organizations may require SCG the ability to support authentication methods when using the Syniverse CPaaS platform SCG.
Currently SCG provides support for the following protocols:
- Transport Layer
- TLS 1.2 (default)
- Connecting Authentication
- Bearer Token
- SSO
- OAuth2.0
- Messages Payload Encryption
- JWE
These security options are implemented in the provisioning steps of SCG, when the servers
connectivity is being set up. The Detail Technical Plan (DTP) will provide the options to implement.
ESS - Webhook Configuration Security
Syniverse SCG Event Subscription Service (ESS) provides information as callbacks to customer webhooks configuration on Mobile Originated incoming traffic (MO) and message delivery receipts (DR) to securely get states of Outgoing traffic delivery status info. This service supports security options for connection authentication and payload encryption. The available options are listed below:
- Transport Layer
- TLS 1.2 (default)
- MTLS
- Connecting Authentication
- Basic
- OAuth2.0
- Messages Payload Encryption
- JWT
- JWE
These security options are configured in the SCG UI and in the integration development. The Detail Technical Plan (DTP) will provide the options to configure and to develop.
SCG Portal – Messages data displaying options
The SCG portal provides multiple reports that shows the message details including the message body. The message body is deployed by default. This SCG UI is intended to provide information to integrators and systems technical persons. Some enterprises require to keep all users from access the messages body. SCG can optionally prevent to display the message body on the portal.
Additionally, the option can be set by message direction: to MT and to MO messages independently.
This options, to avoid displaying the message body in the SCG UI, can be set by the Syniverse API operations team.
For more articles about Event Subscription Service click here
0 Comments