API: Security
Written by Parmvir Singh
Updated over a week ago

All Monotype APIs follow the standard security practices for REST APIs.

Authentication and authorization

The API authenticates through a centralized identity provider (IdP). Access to all endpoints is restricted to users and applications with API keys and JWTs.


Input validation

All input parameters are validated to prevent misuse. Validation covers standard data types, ranges, and formats, as well as common security threats like cross-site scripting and SQL injection.


Error handling

The APIs generate error responses based on input parameters and their processing. For more details, click here.


Access control

All APIs are protected and are only accessible with authorization tokens. These tokens have a 24-hour expiration period and can be renewed using a refresh token.


Rate limiting

Each consumer is assigned specific rate limits according to their selected plan. If they reach their rate limit, the API will respond with an appropriate error message.


Secure communication

All endpoints are secured with HTTPS, and access requires authentication keys, which are validated with each request sent to the APIs.
