# Publishing API Methods in the Internet: Security Recommendations

By default, all API methods are published without restrictions, that may possess security threats. For accessing API methods from Internet, we recommend enabling limitations on WAF, border L7 balancer, etc.

{% hint style="info" %}
If you use Web SDK only, you don't need to publish API methods on the Internet.
{% endhint %}

## API

The information below is relevant for Oz API 5.2.

For Oz API with Mobile SDK, make sure these methods are accessible from the Internet:

```bash
# Mobile SDK for Android:
@POST("api/authorize/auth")
@POST("api/authorize/refresh")
@POST("api/folders")
@DELETE("api/folders/{folder_id}")
@POST("api/folders/{folder_id}/analyses")
@GET("api/folders/{folder_id}/analyses")
@GET("api/folders/{folder_id}/media/")
@GET("api/folders/{folder_id}/")
@GET("api/ab-testings-configs")
@GET("api/analyses/{analyse_id}")
@POST("api/folders/{folder_id}/media")
@POST("api/event_sessions")
@POST("api/instant/folders")

# Mobile SDK for IOS:
@GET("api/ab-testings-configs")
@POST("api/authorize/auth")
@POST("api/authorize/refresh")
@POST("api/event_sessions")
@POST("api/folders/?")
@POST("api/folders/(folderId)/media/")
@GET("api/analyses/")
@POST("api/instant/folders")
@GET("api/collections")
@POST("api/folders/(folderID)/analyses")
@GET("api/folders/(folderID)?with_analyses=true")
```

You may need to extend this list depending on how Oz API has been integrated into your infrastructure.

## Web SDK

For Web SDK, make sure these methods are accessible from the Internet. `Your Web SDK URL` is the Web Adapter URL you have received from us.

```bash
<Your Web SDK URL>/plugin_liveness.php
<Your Web SDK URL>/config.php
<Your Web SDK URL>/init.php
<Your Web SDK URL>/tm.php
<Your Web SDK URL>/result.php
<Your Web SDK URL>/request.php
<Your Web SDK URL>/plugin/liveness-*.css
<Your Web SDK URL>/plugin/ozliveness_main.js
<Your Web SDK URL>/plugin/faceworker.js
<Your Web SDK URL>/plugin/vendor/*.js
<Your Web SDK URL>/plugin/vendor/*.wasm
<Your Web SDK URL>/plugin/vendor/models/**/*
<Your Web SDK URL>/plugin/ozliveness_core.js
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc.ozforensics.com/oz-knowledge/guides/administrator-guide/publishing-api-methods-in-the-internet-security-recommendations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.