
Mitigation for permanent API token (as can't implement per session API token)

sunhux asked on
Java, Security, Network Security, * API
Our IT apps team is considering using a "permanent API token" rather than a
"per login session API token" for our internal system to obtain truck drivers'
(or cargo drivers') sensitive Identification number to be sent from Self Service
Terminals (that are placed in our premises with no Internet access, but these
SSTs are owned by an outsourced security guard firm, Certis):

I think the IT apps team has an issue with implementing a "per session API token"
& they felt it's only a simple internal CRUD (Create Read Update Delete)
operation. Any concern with this?

If we were to use the 'permanent' token, should this token be refreshed
every 3 months (i.e. the token key has to be updated into the SST every
3 months & updated into our apps 3-monthly) or any other mitigations,
like using a firewall to restrict API calls between those few SSTs' IPs & our
internal system?



Leakage of the NRIC / passport# is punishable by local privacy laws.
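
The two mitigations raised in the question (a 3-month token lifetime and restricting callers to the SSTs' IPs), shown as one server-side check. This is an added example, not part of the original post or of the asker's system; the subnet, terminal ids, token values and the per-terminal token table are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from datetime import datetime, timedelta, timezone

# All values below are constructed for illustration (assumptions).
MAX_TOKEN_AGE = timedelta(days=90)  # the "refresh every 3 months" rule
SST_ALLOWLIST = [ipaddress.ip_network("10.20.30.0/29")]  # hypothetical SST subnet


def token_digest(token: str) -> str:
    """Keep only a SHA-256 digest server-side, never the raw token."""
    return hashlib.sha256(token.encode()).hexdigest()


# terminal id -> (digest of that terminal's token, issue time).
# One token per SST (an assumption) lets a single leaked token be revoked alone.
TOKENS = {
    "sst-01": (token_digest("constructed-token-A"),
               datetime(2024, 1, 10, tzinfo=timezone.utc)),
    "sst-02": (token_digest("constructed-token-B"),
               datetime(2023, 9, 1, tzinfo=timezone.utc)),
}


def authorize(terminal_id: str, token: str, source_ip: str, now: datetime):
    """Return (allowed, reason); the reason string is meant for the audit log."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "bad-source-ip"
    # Application-level copy of the firewall rule: only SST addresses may call.
    if not any(addr in net for net in SST_ALLOWLIST):
        return False, "source-ip-not-allowlisted"
    record = TOKENS.get(terminal_id)
    if record is None:
        return False, "unknown-terminal"
    digest, issued_at = record
    # Constant-time comparison avoids leaking how much of the token matched.
    if not hmac.compare_digest(digest, token_digest(token)):
        return False, "bad-token"
    # A token past its rotation window is rejected even if it is correct.
    if now - issued_at > MAX_TOKEN_AGE:
        return False, "token-expired-rotate"
    return True, "ok"
```
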