How do the Web Portals for Acctivate access my data?
The web portals we design for you at Excelss access your Acctivate data through an API.
Just what is an API? Let’s, briefly, start out there.
If you’re not familiar with tech speak, an API, or Application Programming Interface, tells different software components how to communicate with one another. The API provides a bridge from our B2B portal to your Acctivate database. Easy enough, right? Yes, but a lot of thought goes into creating an API that performs the exact function we need and nothing more.
Our proprietary Restful API is developed with the safety of your data in mind. Once configured, the API is secure, reliable and maintenance-free.
Admittedly, this is a technical task. The level of “headache” required to get started depends on your network set up and who maintains it. Most systems can be completed in a day or two. In this article, I will explain all of the steps required so that you can discuss it with your provider before ordering our service.
Step 1 – The Firewall Rules
Like the lock on your office door, a firewall sits between your Acctivate data and the World Wide Web to keep you safe from unwelcome visitors. Our API needs a “key” to get in so that it can provide data to the portal. That’s where the firewall rules pop in to help!
Your IT provider will set up a rule that tells the firewall to let our API in and send it directly to your Acctivate database. No stopping in your My Documents folder along the way – nothing else on your network is accessible to the API.
The access is also limited to the IP address for our API service, so no one else can accidentally be let through the front door. We designed the portals and our other Acctivate utilities to use an API for this very reason. All access comes through a single, secure point of access.
Step 2 – Configure the MS SQL Server
Once the firewall is set up, we just have to tell Microsoft that we will allow remote connections to the database. This is normally configured by default, but in some cases, it has been disabled as a security precaution. Using the MS SQL Server Configuration Manager, your IT provider will enable remote access. Don’t worry – this is a simple setting to change and we will provide instructions.
Step 3 – Add an API User
We use a special API “user” that has limited access to your database. This keeps your data even more secure because the limited user can do only what we specifically need to do. This step can be done by your Acctivate consultant or an IT provider. We provide detailed instructions, but we can also do this for you over a remote support connection.
Step 4 – Create your API Key
The final step is done on our end. We create an API key and secret (another level of security) that is linked to your account. We add this key and secret to your portal account, which is then used with secure tokens to access the API, which in turn communicates with your Acctivate data.
Is our data safe?
We take the security of your data seriously. Of course, your data would be more secure if you just locked down the network and didn’t allow access! But we live in a world where people expect instant access to their account information, so a bit of a compromise is in order. The solution to this compromise is to take every precaution to keep your data safe.
We have spent years perfecting the process of safely providing remote access to your data. We use multiple layers of protection so that your Acctivate database is not at risk, even if one or two layers experience a breach.
Here are the four additional ways in which we help to ensure your data stays safe:
1. Only one server touches your Acctivate database.
2. Your IP address is stored only at the “root” level of the API server. The API uses an alias to communicate with your database. Access to the “root” of our server is restricted to senior staff and only with a secure private/public key pairing.
3. Your firewall limits access to your database by only allowing the single IP address of our API server to connect to your data.
4. Our special API user limits the access to your data to “read-only” and to execute pre-approved procedures that perform only the operations needed.
Need assistance to get your API up and running? Contact us “Here” to get started.