In this section, we explain how to establish connectivity and provide details on the API design patterns and security model.
API communication details
Communication with the Client Side Push Provisioning API involves transport layer and application layer security. The transport layer uses TLS to secure HTTP requests (HTTPS) and the application layer uses either PGP or JWE encryption. In addition, our Protocol standards to find details on our API design patterns and strategy for maintaining a robust connection with partners.
Key exchanges
Encryption keys need to be rotated before they expire or if they are compromised. As part of your implementation, you need to have a process for managing these exchanges.
To ensure key rotations do not cause temporary outages or require significant management overhead, Client Side Push Provisioning partners must support the use of multiple encryption keys at once. During a key rotation, a second key will be trusted and verified to be working correctly before the old key is removed.