Security

Security is a critical aspect of the integration between GPAS and third-party platforms. The following security measures must be implemented to ensure a secure connection:

SSL with Mutual Certificates

SSL with mutual certificates will be used to establish a secure connection between both ends. This ensures that:

  • All data transmitted between systems is encrypted
  • Both systems can verify the identity of the other party
  • Man-in-the-middle attacks are prevented

Firewall Configuration

The firewall will be configured to allow access to the API server only from white-listed IP addresses. This provides an additional layer of security by restricting access to known and trusted sources.

Authorization Process

The authorization process verifies whether the user has access to perform the required actions. This ensures that only authorized users and systems can interact with the API.

Message Authentication

Each message will contain an authentication signature: a SHA1 hash computed from the body of the message and a key provided by GPAS. This ensures:

  • Message integrity: Any tampering with the message content will be detected
  • Authentication: Only parties with the correct key can generate valid signatures
  • Non-repudiation: The sender cannot deny having sent the message

For detailed information on how to implement the signature, see the X-Signature section in the appendices.
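
The sign-and-verify flow described above, as an added example that is not GPAS code. The exact construction is defined in the X-Signature appendix, which is not reproduced on this page; the example assumes HMAC-SHA1 over the raw body bytes with a hex-encoded result, and the function names, key and body are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values; a real key is issued by GPAS.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_BODY = b'{"player_id":"p-1001","amount":"25.00","currency":"EUR"}'

HEX_DIGITS = set("0123456789abcdef")


def sign_body(key: bytes, body: bytes) -> str:
    """Return the hex HMAC-SHA1 of the raw body bytes.

    Assumption: the appendix may specify a different way of combining
    the body and the key; HMAC is used here as a stand-in.
    """
    return hmac.new(key, body, hashlib.sha1).hexdigest()


def verify_body(key: bytes, body: bytes, received: Optional[str]) -> bool:
    """Check a received signature against the exact bytes that arrived.

    The body must be the bytes read off the wire. Parsing and
    re-serializing JSON before verifying changes whitespace or key
    order and makes a valid signature fail.
    """
    if not received:
        return False  # missing or empty signature is rejected outright
    candidate = received.strip().lower()
    # A SHA1 digest is 20 bytes, so a valid hex signature is 40 characters.
    if len(candidate) != 40 or not set(candidate) <= HEX_DIGITS:
        return False
    expected = sign_body(key, body)
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of a forged signature matched.
    return hmac.compare_digest(expected, candidate)


if __name__ == "__main__":
    sig = sign_body(SAMPLE_KEY, SAMPLE_BODY)
    print("signature:", sig)
    print("valid body:", verify_body(SAMPLE_KEY, SAMPLE_BODY, sig))
    tampered = SAMPLE_BODY.replace(b"25.00", b"95.00")
    print("tampered body:", verify_body(SAMPLE_KEY, tampered, sig))
```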