There are many aspects to keeping your API secure. As an API provider, you want to prevent unauthorized users from accessing your
functionality and prevent authorized users from abusing their access rights. API subscribers, in turn, want to be sure that their
personal and financial information is safe, and that their subscription cannot be used without their consent by unauthorized 3rd parties.
WebServius eliminates nearly all of the complexity out of offering a secure API - all you need to do is follow our published guidance, and contact us with any security-related questions at the API design stage. We continuously track industry best practices, emerging threats and technical standards and adjust our service accordingly.
Secure HTTPS communication between WebServius and your API functionality is fully supported, in order to prevent the discovery of the secret URL of your service. Additionally, HTTPS communication between WebServius and your API subscribers can currently be enabled at no extra cost, in order to prevent the discovery of secret API keys. A detailed discussion of the security aspects of the WebServius API proxy model can be found in the Documentation section.
The WebServius site itself uses industry best practices for dealing with personal data, and does not handle any payment information (like credit card numbers) for paid API subscribers - all payment information is collected through payment processing sites such as PayPal.
WebServius performs extensive processing for each API call: It determines whether the caller is legitimate, determines whether the caller has sufficient
balance left, logs the call, and more. Fortunately, all of this is achieved in very little time: Processing done by the WebServius engine typically adds less
than 2ms of latency.
Because WebServius proxies the calls from your API subscribers, there is naturally an additional delay associated with the extra network request (one from the API subscriber to WebServius, and one from WebServius to you). For most APIs, this additional delay is immaterial, but for some performance-critical scenarios (e.g. real-time stock quotes) it may be significant, and a different solution may be necessary - contact us for details if this applies to your case. We strive to minimize this delay as much as possible - currently, it is on the order of magnitude of 100-200ms within North America.
The WebServius Engine has been engineered as a highly scalable system, currently hosted with GoGrid Cloud Hosting. We have the ability to rapidly add capacity to handle virtually any throughput you may require, including temporary spikes in heavy API usage.
At WebServius, we strongly believe that APIs are only useful when they can be relied upon, and that dropping even a single API call can disrupt real business applications.
The WebServius Engine has been designed in a way that allows us to deploy service updates and fixes without requiring planned service downtime. The system
uses a redundant architecture to ensure that unexpected failures do not cause your API to go down. Finally, we use best-practices backup techniques to prevent the
possibility of data loss.
Specific SLAs are not provided with our free plans, but are available by special arrangement. Please contact us for details.
Copyright © WebServius 2008-2013