Published: Dec 01, 2017
Last update: Jun 27, 2022
API SMS Segurity SMS how to

How to securely connect to LabMobile’s SMS API

SMS Security

You can generate multiple passwords to use for different connections or applications.

SMS communication platforms function utilizing integration with the applications of their clients. The vast majority of these connections are created through a REST API with the parameters sent via http/GET or http/POST.

LabsMobile has an API SMS service with versions in http/GET, http/POST, WebService and SMTP. To enhance the security of these communications, we recommend you follow the indications described below.

Objectives:

  •    Protect the account password so that it cannot be intercepted.
  •    Protect the user account and platform against a massive attack or brute force.
  •    Guarantee the privacy of communications and that third parties do not have access to any data sent (telephone numbers, messages etc.).

Token password

The first step is to generate a token password (under My Account – Passwords) to be used in calls from the SMS API. You can generate multiple passwords to use for different connections or applications.

Token passwords are a length of 32 random characters. This increases security against brute force attacks that uses automated software to guess passwords using trial and error.

Using one or more passwords for the API also ensures that the user’s main account password on the LabsMobile platform is not compromised. If a connection is under threat, all you have to do is generate a new password and apply it.

HTTPS Protocol

All the versions of the LabsMobile REST API can connect through the HTTPS protocol.

The use of HTTPs makes sure that the password is sent securely. An HTTPS connection utilizes the SSL/TLS protocol over TCP/IP. In this way, the password is encrypted from point to point and it is not possible for third parties to be able to intercept it.

Filter by origin IP address

One additional method to enhance the security of API connections is to utilize the IP filter, found under Account Preferences. This works by registering the address or IP addresses of the servers from which connections will be made. With the IP filter activated, the API will only accept connections from the IP addresses entered. All of the rest will be rejected and prevented from connecting by the LabsMobile platform.

This ensures that no other server will be able to send messages through your account, even if they have hacked the password.