In many scenarios, communicating or interfacing with other systems and services is required in order to either send data from the website to other sites or vice versa. In such situations, communication between websites is mostly done through APIs (Application Programming Interfaces). Those APIs take many forms like
XML data,
JavaScript code, web services, .NET DLLs etc.
The following
should be considered when we have a similar situation:
- If applicable, a Service Level Agreement SLA should be set between the 2 different parties to govern the rules and procedures of communication and responsibilities.
- In cases where the website needs to expose non-sensitive data to be used by other platforms like news, events etc. Such data should be exposed as XML via RSS format as this is the most widely spread format for websites that wish to exchange data.
- In cases where the website is supposed to expose specific data or services to other platforms in a secure manner, then a secure API must be implemented and a strict authentication policy must be set for the systems that wish to communicate with this API.
- In cases where user data is to be accessed then the user’s consent must be obtained.
- Depending on the privacy level of the data being communicated, the proper security measures must be implemented.
Example:
Communicating credit card information should take place over an SSL connection.
Communicating any private/personal information should be subject to strict authentication rules so that this information cannot be accessed by anonymous users.