Note: The Secure Code Warrior® API follows a standard configuration for its use cases and is functioning as expected.
The API key passed in the header is standard practice for the way this API is being used.
It's important to note the following:
- API access is disabled by default. Only Company Admins can generate a new key from the Company Administration section
- We give you control of managing your API keys and storing them safely. The keys are hashed and we don't have access to them
- The API is only accessible over HTTPS
- The API is regularly tested as part of our ongoing pen-testing program to look for vulnerabilities
Overall, we follow the standard design practices and ensure there are adequate controls in place for protecting the information being retrieved. We'll continue to assess API security as part of our ongoing continuous improvement activities.