
AVEVA™ Events to CONNECT

Security

  • Last Updated: Jul 29, 2025

When determining security practices for the agent's REST APIs, consider the following. To keep the agent secure, only administrators should have access to the machines where the agent is installed. The REST APIs are bound to localhost, so only requests originating on the same machine are accepted; a remote host cannot reach them at all.

The AVEVA Events to CONNECT configuration supports Windows Authentication, and only the Administrator account or users belonging to the Administrators group are allowed to call the agent's configuration REST APIs.

Security for REST API as event data source

Securing REST API endpoints involves implementing various security measures to protect the API from unauthorized access, data breaches, and other security risks. Here are some common practices to secure REST API endpoints:

  • Authentication: Implement a robust authentication mechanism to verify the identity of clients accessing the API. Commonly used methods include token-based authentication (for example, JWT) and OAuth. Choose the method that suits your requirements, for example API key or client credentials authentication, and implement it correctly: keep secrets out of URLs and logs, and compare presented secrets in constant time.

  • Authorization: Once a client is authenticated, enforce authorization rules that determine which actions the client may perform. Use role-based or attribute-based access control (RBAC or ABAC) to define and enforce policies for different roles or permissions, and deny anything not explicitly allowed.

  • Use HTTPS/TLS: Ensure that your API endpoints are accessed only over HTTPS, that is, HTTP over TLS. This encrypts the data transmitted between client and server, protecting it from eavesdropping and tampering. Obtain a TLS certificate for your API domain from a trusted certificate authority, configure your server to serve HTTPS only, and make sure clients validate the certificate rather than disabling verification.

  • Input Validation: Validate and sanitize all input received from clients to prevent common security vulnerabilities like SQL injection, cross-site scripting (XSS), or command injection attacks. Implement strict validation rules to ensure that only expected and safe data is processed by the API.

  • Error Handling: Implement proper error handling mechanisms to avoid exposing sensitive information or stack traces in error responses. Return appropriate error codes and messages without revealing implementation details that could be exploited by attackers.

  • Logging and Monitoring: Log relevant information about requests, responses, and errors for auditing and troubleshooting purposes, without recording secrets such as API keys or tokens. Set up alerts for suspicious or abnormal activity, for example repeated authentication failures or bursts of rejected input.
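The following is an added example, not AVEVA's code, that puts the practices above into one small event-receiving endpoint and also shows the loopback-only binding described for the agent's configuration API. Everything in it is an assumption made for illustration: the API keys, the role table, the event schema, the path /events and port 8765 are all constructed for the demo. Python's standard library has no Windows Authentication, so API keys stand in for it here; the request-handling logic is kept in a plain function so it can be exercised without a socket.

```python
"""Hardened REST endpoint for receiving events (added example, not AVEVA code).

Demonstrates: constant-time API key authentication, role-based authorization,
strict input validation, error responses that leak nothing, logging without
secrets, loopback-only binding, and optional TLS.
"""
import hmac
import json
import logging
import re
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

log = logging.getLogger("event_api")
logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")

# Constructed credential store (assumption): api key -> role. Load from a secret store in practice.
API_KEYS = {"k-8f3a0c1e9b7d4f2a": "writer", "k-readonly-5c2d9e1b": "reader"}
ROLE_PERMISSIONS = {"writer": {"event:write"}, "reader": set()}   # deny by default

MAX_BODY = 64 * 1024
SOURCE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")   # allowlist, no path or shell characters
ALLOWED_SEVERITIES = {"info", "warning", "error"}
ACCEPTED_EVENTS = []   # in-memory sink standing in for forwarding to CONNECT (assumption)


def authenticate(headers):
    """Return the role for a valid X-Api-Key header, else None. Constant-time compare."""
    presented = headers.get("X-Api-Key", "").encode()
    for key, role in API_KEYS.items():
        if hmac.compare_digest(presented, key.encode()):
            return role
    return None


def validate_event(obj):
    """Strict schema check; returns a list of problems (empty list means valid)."""
    if not isinstance(obj, dict):
        return ["body must be a JSON object"]
    problems = []
    if set(obj) - {"source", "severity", "message", "timestamp"}:
        problems.append("unexpected fields")
    src = obj.get("source")
    if not isinstance(src, str) or not SOURCE_RE.match(src):
        problems.append("invalid source")
    if obj.get("severity") not in ALLOWED_SEVERITIES:
        problems.append("invalid severity")
    msg = obj.get("message")
    if not isinstance(msg, str) or not 1 <= len(msg) <= 1024 or any(ord(c) < 32 for c in msg):
        problems.append("invalid message")
    ts = obj.get("timestamp")
    if isinstance(ts, bool) or not isinstance(ts, int) or ts < 0:
        problems.append("invalid timestamp")
    return problems


def handle_post_event(headers, body):
    """Process POST /events; returns (status, response dict). Clients never see internals."""
    role = authenticate(headers)
    if role is None:
        log.warning("authentication failed")          # the key itself is never logged
        return 401, {"error": "unauthorized"}
    if "event:write" not in ROLE_PERMISSIONS.get(role, set()):
        log.warning("forbidden: role=%s", role)
        return 403, {"error": "forbidden"}
    if len(body) > MAX_BODY:
        return 413, {"error": "payload too large"}
    try:
        obj = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 400, {"error": "malformed JSON"}
    problems = validate_event(obj)
    if problems:
        log.info("rejected event: %s", ", ".join(problems))
        return 400, {"error": "invalid event", "details": problems}
    try:
        ACCEPTED_EVENTS.append(obj)
    except Exception:
        log.exception("store failed")                  # stack trace goes to the log only
        return 500, {"error": "internal error"}
    log.info("accepted event from source=%s", obj["source"])
    return 202, {"status": "accepted"}


class EventHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/events":
            return self._send(404, {"error": "not found"})
        length = int(self.headers.get("Content-Length", "0") or 0)
        body = self.rfile.read(min(length, MAX_BODY + 1))   # never buffer unbounded input
        status, payload = handle_post_event(self.headers, body)
        self._send(status, payload)

    def _send(self, status, payload):
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, fmt, *args):   # route the server's own access log through logging
        log.info("%s " + fmt, self.address_string(), *args)


def serve(port=8765, certfile=None, keyfile=None):
    """Bind to loopback only, like the agent's configuration API; wrap in TLS when a cert is given."""
    httpd = HTTPServer(("127.0.0.1", port), EventHandler)
    if certfile:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(certfile, keyfile)
        httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()


if __name__ == "__main__":
    serve()
```

Run it and post with `curl -H "X-Api-Key: k-8f3a0c1e9b7d4f2a" -d '{"source":"plc-01","severity":"error","message":"trip","timestamp":1722240000}' http://127.0.0.1:8765/events`; the same request from another host is refused at the TCP level because nothing listens on a routable address. Error bodies carry only a short category and, for validation failures, field names, so a probing client learns which field it got wrong but nothing about the implementation.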

DMZ Secure Link can be an important part of an overall security architecture for your operation. It helps restrict internet access to allow connections only to the online resources required to use the desired CONNECT solutions.

DMZ Secure Link uses a transparent proxy with an allowlist maintained by AVEVA, so that the on-premises system (System A) can connect to CONNECT (System B) easily and securely. This solution requires minimal configuration and no extra administration, and offers the following advantages:

  • DMZ Secure Link facilitates using AVEVA SaaS solutions in a segmented network architecture without exposing systems to the entire internet.

  • DMZ Secure Link supports compliance and regulatory requirements.

  • DMZ Secure Link can work with additional proxy servers to protect your network infrastructure.

To learn more about how to install and configure DMZ Secure Link, refer to its installation and configuration documentation.
