Developer Community Gateway Services Security
Syniverse employs and maintains strong security measures, including authentication and data encryption, to address impacts from malicious activities and minimize any effect on the services we provide to you.
Application Security
Application security is safeguarded through several methods. API calls are allowed only over HTTPS using the SSL/TLS standard; the currently supported version is TLS 1.2. Applications and the resources they consume are validated through the OAuth 2.0 framework. This framework is described in detail in RFC 6749, and the use of the bearer token is described in RFC 6750.
Your application will have three different keys: consumer key, consumer secret and access token (also known as bearer token).
Remember to protect your keys and tokens like any piece of valuable information. If your deployment cannot protect the consumer secret (for example, where the consumer keys are embedded in the source code), there is a high risk that a third party can gain access to your user profile and accounts in Syniverse Developer Community and create billable actions, which might also have other legal liabilities tied to them.
If you think that your consumer key and secret have been compromised, we suggest that you create a completely new application with new authentication key values.
If only your access token has been compromised, there is an option to re-generate the access token. The initial access token generated for your application has a timeout value of 1 hour. After the first re-generation, the token is valid indefinitely, but you have the option to re-generate the access token as often as you need or want.
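The client-side handling described above, as an added example that is not Syniverse code: the access token is read from the environment rather than from source, the request is refused unless it goes over HTTPS, and the TLS context rejects anything below TLS 1.2. The variable name `SDC_ACCESS_TOKEN`, the host `api.example.invalid` and the token value are assumptions made for illustration.

```python
import os
import ssl
import urllib.request
from urllib.parse import urlsplit

# Hypothetical environment variable name; the page does not define one.
TOKEN_ENV = "SDC_ACCESS_TOKEN"


def tls12_context() -> ssl.SSLContext:
    """Default verification (certificate + hostname), refusing anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def load_token(env=os.environ) -> str:
    """Read the bearer token from the environment instead of source code."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    # Reject whitespace, control and non-ASCII characters. RFC 6750 defines a
    # stricter charset; this check is enough to block CR/LF header injection.
    if any(not 0x21 <= ord(c) <= 0x7E for c in token):
        raise ValueError("access token contains illegal characters")
    return token


def build_request(url: str, token: str) -> urllib.request.Request:
    """Attach the token as an RFC 6750 Authorization header, HTTPS only."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("bearer tokens must only be sent over https")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def redact(token: str) -> str:
    """Form that is safe for logs: never print the full token."""
    return token[:4] + "..." if len(token) > 8 else "***"


if __name__ == "__main__":
    # Constructed sample values; api.example.invalid is a placeholder host.
    tok = load_token({TOKEN_ENV: "constructed-sample-token"})
    req = build_request("https://api.example.invalid/resource", tok)
    print(req.full_url, "token:", redact(tok))
    # A real call would be: urllib.request.urlopen(req, context=tls12_context())
```
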
OAuth Call sequence
Below is an example OAuth call sequence between an application, Syniverse Developer Community and the Service Offering being consumed by the application.
User Security
User security is guarded by access validation using a unique username and a secure password set by the user. Syniverse recommends that only a limited number of users have full entitlements to your Company environment. This helps you mitigate risk if any user account is compromised. Some of the Syniverse Developer Community (SDC) API resources require that the request contain a user token (created through a login process; please see the API call for login) and an access token. This is to validate that the user has the proper entitlements to make the required API call(s).
Payment Security
Payments using credit cards are managed by our payment provider, who is a validated Level 1 PCI DSS-Compliant service provider. They secure all transactions made through the Syniverse Developer portal.
Syniverse Developer Community doesn't store any information about the credit cards entered into the fields. These fields communicate directly with the payment provider, and Syniverse Developer Community gets back a token that represents the payment method. When you top up your account with money, only the token is passed back to the payment provider to validate that the credit card can be charged.