APIs (Application Programming Interfaces) are an integral part of cloud computing and help businesses to scale their operations and improve efficiency by connecting data in the cloud. However, to ensure that innovation develops rapidly and at scale, it is important that APIs are secure.
PolicyDock, a global insurance technology leader, is committed to delivering secure APIs to its customers. Here are some of the measures that PolicyDock takes to ensure the safety of its APIs:
1. Regular security assessments
PolicyDock follows the updates provided by the Open Web Application Security Project (OWASP), a non-profit foundation that provides information on security vulnerabilities. PolicyDock also follows the OWASP Top 10, a standard awareness document that is regularly updated by security experts to reflect the most pressing security risks to web applications. PolicyDock evaluates its systems constantly and considers the impact of changes made on security.
2. Tight access controls
PolicyDock follows the principle of least access, which means that components and developers are given only the access they need to retrieve information from the system. Databases are encrypted at REST and in transit, and object level authorization is considered for every function that accesses a data source. In the absence of approval, entry is denied.
3. Use of JSON Web Tokens (JWT)
PolicyDock uses JWT for authentication or authorization. JWTs are digitally signed, which ensures the identity of the person and protects against tampering with the content. Proper implementation of authentication mechanisms is critical to API security as attackers can compromise authentication tokens and exploit implementation flaws to assume identities.
PolicyDock is a global insurance technology leader, delivering best-in-class insurance innovation while providing today’s industry with the most seamless onramp possible. Guided by a world-class advisory board and with backgrounds in fields spanning insurance, fintech, artificial intelligence, cloud technology, and big data, the growing PolicyDock team is dedicated to delivering accessible innovation to the entire insurance industry.
ARTICLE WRITTEN BY: PolicyDoc PolicyDoc is part of our Insurtech Batch 4 program in Plug and Play.