Making API Methods Accessible from the Internet: Security Recommendations

By default, all API methods are published without restrictions, which may pose security threats. If API methods must be accessible from the Internet, we recommend enabling restrictions on a WAF, border L7 balancer, etc.

If you use Web SDK only, you don't need to publish API methods on the Internet.

API

The information below is relevant for Oz API 5.2.

For Oz API with Mobile SDK, make sure these methods are accessible from the Internet:

# Mobile SDK for Android:
@POST("api/authorize/auth")
@POST("api/authorize/refresh")
@POST("api/folders")
@DELETE("api/folders/{folder_id}")
@POST("api/folders/{folder_id}/analyses")
@GET("api/folders/{folder_id}/analyses")
@GET("api/folders/{folder_id}/media/")
@GET("api/folders/{folder_id}/")
@GET("api/ab-testings-configs")
@GET("api/analyses/{analyse_id}")
@POST("api/folders/{folder_id}/media")
@POST("api/event_sessions")
@POST("api/instant/folders")

# Mobile SDK for iOS:
@GET("api/ab-testings-configs")
@POST("api/authorize/auth")
@POST("api/authorize/refresh")
@POST("api/event_sessions")
@POST("api/folders/?")
@POST("api/folders/(folderId)/media/")
@GET("api/analyses/")
@POST("api/instant/folders")
@GET("api/collections")
@POST("api/folders/(folderID)/analyses")
@GET("api/folders/(folderID)?with_analyses=true")

You may need to extend this list depending on how Oz API has been integrated into your infrastructure.
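
The following is an added example, not code from Oz API or its documentation: a default-deny check of method and path against the Android list above, of the kind a WAF or L7 balancer rule would enforce. It assumes the API is served from the root path and that identifiers are short alphanumeric or hyphenated tokens; the names ANDROID_ROUTES, ID_PATTERN, compile_route and is_allowed are hypothetical, and the iOS entries can be added in the same form.

```python
import re

# Method/route pairs copied from the Android list above.
ANDROID_ROUTES = [
    ("POST", "api/authorize/auth"),
    ("POST", "api/authorize/refresh"),
    ("POST", "api/folders"),
    ("DELETE", "api/folders/{folder_id}"),
    ("POST", "api/folders/{folder_id}/analyses"),
    ("GET", "api/folders/{folder_id}/analyses"),
    ("GET", "api/folders/{folder_id}/media/"),
    ("GET", "api/folders/{folder_id}/"),
    ("GET", "api/ab-testings-configs"),
    ("GET", "api/analyses/{analyse_id}"),
    ("POST", "api/folders/{folder_id}/media"),
    ("POST", "api/event_sessions"),
    ("POST", "api/instant/folders"),
]

# Assumption: identifiers are UUID-like tokens; adjust to your deployment.
ID_PATTERN = r"[0-9A-Za-z-]{1,64}"


def compile_route(template):
    """Turn 'api/folders/{folder_id}/' into a regex for the whole path."""
    parts = re.split(r"\{[^}]+\}", template.strip("/"))
    body = ID_PATTERN.join(re.escape(p) for p in parts)
    # Trailing slash is optional so both client spellings match.
    return re.compile("/" + body + "/?")


ALLOWLIST = [(m, compile_route(t)) for m, t in ANDROID_ROUTES]


def is_allowed(method, target):
    """Default deny: allow only listed method + path combinations."""
    path = target.split("?", 1)[0]  # the query string is not part of the rule
    # Reject encoded, dot or empty segments rather than normalising them.
    if "%" in path or ".." in path or "//" in path:
        return False
    return any(m == method.upper() and rx.fullmatch(path)
               for m, rx in ALLOWLIST)
```

Matching on the method as well as the path matters here: DELETE is listed only for api/folders/{folder_id}, so a path-only rule would expose it on every other listed route.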

Web SDK

For Web SDK, make sure these methods are accessible from the Internet. Your Web SDK URL is the Web Adapter URL you have received from us.

<Your Web SDK URL>/plugin_liveness.php
<Your Web SDK URL>/config.php
<Your Web SDK URL>/init.php
<Your Web SDK URL>/tm.php
<Your Web SDK URL>/result.php
<Your Web SDK URL>/request.php
<Your Web SDK URL>/plugin/liveness-*.css
<Your Web SDK URL>/plugin/ozliveness_main.js
<Your Web SDK URL>/plugin/faceworker.js
<Your Web SDK URL>/plugin/vendor/*.js
<Your Web SDK URL>/plugin/vendor/*.wasm
<Your Web SDK URL>/plugin/vendor/models/**/*
