API security
Authentication and Authorization
For authentication, we rely on certificates issued by GlobalSign, a leading provider in identity and security solutions. Each certificate has a thumbprint that is presented whenever an API session is requested.
The certificate file is used when requesting an access token. We use standard signed JWT OAuth 2.0 tokens; each token carries the access rights of the user requesting access.
To receive an access token, send the certificate details, username, and password, Base64-encoded using the Basic Authentication scheme, to our Authorization endpoint. Access tokens expire after 5 minutes.
Encryption
All BC Connect APIs enforce mutual TLS 1.2.
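As an added example (not BC Connect's own client code), the Python below ties the two points above together: it builds the Basic credential, presents the client certificate over a connection that refuses anything below TLS 1.2, and renews the JWT before its 5-minute expiry instead of letting a call fail. The Authorization endpoint host and path, the header used to carry the certificate thumbprint, the response field name and the 30-second refresh margin are assumptions; `sample_token` constructs an offline stand-in for a token the endpoint would issue.

```python
import base64
import http.client
import json
import ssl

TOKEN_TTL = 300          # page: access tokens expire after 5 minutes
REFRESH_MARGIN = 30      # assumption: renew this many seconds before 'exp'
THUMBPRINT_HEADER = "X-Certificate-Thumbprint"  # assumption: how the thumbprint is sent

def basic_auth_header(username: str, password: str) -> str:
    """Basic scheme credential: 'Basic ' + base64(username:password)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))  # restore stripped padding

def jwt_expiry(token: str) -> int:
    """'exp' claim of a JWT. The signature is not checked here: the API, not the client, validates tokens."""
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    return int(payload["exp"])

def token_needs_refresh(token: str, now: float, margin: int = REFRESH_MARGIN) -> bool:
    """True once the token is expired or about to expire, so a fresh one is requested first."""
    return now >= jwt_expiry(token) - margin

def mtls_context(client_cert: str, client_key: str, ca_bundle=None) -> ssl.SSLContext:
    """Context presenting the GlobalSign-issued client certificate; server certificate is still verified."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def request_token(host: str, path: str, username: str, password: str,
                  thumbprint: str, ctx: ssl.SSLContext) -> str:
    """POST to the Authorization endpoint over mTLS and return the signed JWT it issues."""
    conn = http.client.HTTPSConnection(host, context=ctx)
    headers = {"Authorization": basic_auth_header(username, password),
               THUMBPRINT_HEADER: thumbprint}
    conn.request("POST", path, headers=headers)
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    if resp.status != 200:
        raise RuntimeError(f"token request failed: HTTP {resp.status}")
    return json.loads(body)["access_token"]   # assumption: response field name

def sample_token(exp: int) -> str:
    """Constructed stand-in for an issued token (dummy signature) so the helpers run offline."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")
    header = enc(b'{"alg":"RS256","typ":"JWT"}')
    payload = enc(json.dumps({"sub": "demo-user", "exp": exp}).encode())
    return f"{header}.{payload}.dummy-signature"
```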
Web Application Firewall
We use a Web Application Firewall configured to OWASP standards to protect against vulnerabilities such as SQL injection, DDoS and XSS attacks.
Our WAF logs are under continuous security monitoring 365 days per year, using a dedicated Managed Detection & Response service.