How to securely connect to LabMobile's SMS API
Index
You can generate multiple passwords to use for different connections or applications.
SMS communication platforms function utilizing integration with the applications of their clients. The vast majority of these connections are created through a REST API with the parameters sent via http/GET or http/POST.
LabsMobile has an API SMS service with versions in http/GET, http/POST, WebService and SMTP. To enhance the security of these communications, we recommend you follow the indications described below.
Objectives:
- Protect the account password so that it cannot be intercepted.
- Protect the user account and platform against a massive attack or brute force.
- Guarantee the privacy of communications and that third parties do not have access to any data sent (telephone numbers, messages etc.).
Token password
The first step is to generate a token password (under My Account – Passwords) to be used in calls from the SMS API. You can generate multiple passwords to use for different connections or applications.
Token passwords are a length of 32 random characters. This increases security against brute force attacks that uses automated software to guess passwords using trial and error.
Using one or more passwords for the API also ensures that the user’s main account password on the LabsMobile platform is not compromised. If a connection is under threat, all you have to do is generate a new password and apply it.
HTTPS Protocol
All the versions of the LabsMobile REST API can connect through the HTTPS protocol.
The use of HTTPs makes sure that the password is sent securely. An HTTPS connection utilizes the SSL/TLS protocol over TCP/IP. In this way, the password is encrypted from point to point and it is not possible for third parties to be able to intercept it.
Filter by origin IP address
One additional method to enhance the security of API connections is to utilize the IP filter, found under Account Preferences. This works by registering the address or IP addresses of the servers from which connections will be made. With the IP filter activated, the API will only accept connections from the IP addresses entered. All of the rest will be rejected and prevented from connecting by the LabsMobile platform.
This ensures that no other server will be able to send messages through your account, even if they have hacked the password.
Our team advises you
Interested in our services?
Our managers and technical team are always available to answer all your questions about our SMS solutions and to advise you on the implementation of any action or campaign.
Contact us