Security

The adapter security standard is concerned with the authentication of client and server applications, the authentication of users, and confidentiality of their communication. Because the security model relies heavily on Transport Level Security (TLS) to establish a secure communication link with a server, each client, including the adapter, must have a digital certificate deployed and configured. Certificates uniquely identify client applications and machines on servers, and allow for creation of a secure communication link when trusted on both sides.

The adapter generates a self-signed certificate when the first secure connection attempt is made. The adapter's certificates and those of the server are stored in the certificate store, which is shared between all adapter instances.

The adapter can be configured to use a custom certificate by adding the certificate and private key to the adapter's own certificate store and adding a configuration file to the adapter configuration directory.

When determining adapter security practices with regards to REST APIs, you should consider the following practice. To keep the adapter secure, only administrators should have access to machines where the adapter is installed. REST APIs are bound to localhost, meaning that only requests coming from within the machine will be accepted.