...
Transport Level Security
The API interfaces require the use of a URL . It is important that you of the SAS server. You must use the HTTPS: and not HTTP. The MFAS SAS will not accept HTTP requests.
Sever to Server Communications Only
This API is used for app server to SurePassId communications only. The API contains sensitive information that you would not expose in a non-secure environment such as a mobile app. Mobile apps invoke requests on the SurePass REST proxy interface and the proxy forwards that request to SurePassId. More on this later.
IP White Listing
It is strongly recommended that you limit access to your MFAS your SAS accounts from applications on a trusted IP/domain. In the MFAS the SAS server you can specify a white list access list of IP addresses that are valid for your account. Alternatively, the MFAS SAS does support certificates for apps using web services and WCF applications. Contact us for more information on configuring this level of security.
This API is used for app server to SurePassId communications only. The API contains sensitive information that you would not expose in a non-secure environment such as a mobile app. Mobile apps invoke requests on the SurePass REST proxy interface and the proxy forwards that request to SurePassId. More on this later.