All Monotype APIs follow the standard security practices for REST APIs.
Authentication and authorization
The API authenticates through a centralized identity provider (IdP). Access to all endpoints is restricted to users and applications with API keys and JWT tokens.
Input validation
All input parameters are validated to prevent misuse. Validation covers standard data type, range, and format checks, as well as common security threats like cross-site scripting and SQL injection.
Error handling
The APIs generate error responses based on input parameters and their processing. For more details, click here.
Access control
All APIs are protected and are only accessible with authorization tokens. These tokens have a 24-hour expiration period and can be renewed using a refresh token.
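A client-side sketch of the token lifetime described above, added here as an example and not Monotype's own code. It assumes the access token is a JWT carrying the standard `exp` claim; `refresh_fn`, the 5-minute margin and the sample token are hypothetical, since this page names no refresh endpoint.

```python
import base64
import json
import time

REFRESH_MARGIN_S = 300  # assumption: renew 5 minutes before expiry


def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) from a JWT payload.

    No signature check: the client only schedules renewal with this value;
    the API validates the token itself on every request.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("token has no numeric exp claim")
    return int(exp)


class TokenCache:
    """Holds the current access token and renews it shortly before expiry."""

    def __init__(self, access_token, refresh_token, refresh_fn, now=time.time):
        self._access = access_token
        self._refresh = refresh_token
        self._refresh_fn = refresh_fn  # hypothetical: refresh_token -> (access, refresh)
        self._now = now

    def seconds_left(self):
        return jwt_expiry(self._access) - int(self._now())

    def bearer(self):
        """Return a token safe to send, renewing first if it is near expiry."""
        if self.seconds_left() <= REFRESH_MARGIN_S:
            self._access, self._refresh = self._refresh_fn(self._refresh)
            if self.seconds_left() <= 0:
                raise RuntimeError("refresh returned an expired token")
        return self._access


def make_sample_jwt(exp):
    """Constructed sample token with a placeholder signature, for the demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'sub': 'demo', 'exp': exp})}.constructed"
```

Renewing slightly ahead of the 24-hour expiry keeps long-running jobs from failing mid-request with an authorization error.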
Rate limiting
Each consumer is assigned specific rate limits according to their selected plan. When a consumer reaches its rate limit, the API responds with an appropriate error message.
Secure communication
All endpoints are secured with HTTPS, and access requires authentication keys, which are validated with each request sent to the APIs.