The WebServices API requires a configuration license key file. It is also session based. Finer grained user authentication can be done using permission-based constraints. If the messaging itself needs to be encrypted, the SOAP and XML-RPC messaging can be done over SSL.
As added security, you can limit access to the API to certain systems in your network. To do this:
- Go to CUSTOMER CENTER > API MANAGEMENT > SETUP API.
- Enter the IP address in the Restrict IP Address field. Separate multiple addresses with commas, spaces or semicolons. To support a range of addresses, enter the IP range. For example, to restrict access through the API to one system at 18.104.22.168, enter that address directly. To allow access from any system on the .173 network, enter only 216.39.173.
- Click UPDATE to save the setting.