Some of the interfaces such as the web services interface require the use of a URL. It is important that you use the HTTPS: and not HTTP. The MFAS will not accept HTTP requests.
It is strongly recommended that you limit access to your MFAS accounts from applications on a trusted IP/domain. In the MFAS server you can specify a white list access list of IP addresses that are valid for your account. Alternatively, the MFAS does support certificates for apps using web services and WCF applications. Contact us for more information on configuring this level of security.
This API is used for app server to SurePassId communications only. The API contains sensitive information that you would not expose in a non-secure environment such as a mobile app. Mobile apps invoke requests on the SurePass REST proxy interface and the proxy forwards that request to SurePassId. More on this later.