The term ‘security’ penetrates the APS SDK documentation as one of the most business sensitive aspects of the integration process.
The APS team does its best to prevent vulnerabilities in the backend framework, control panels, and the application UI that plugs into those panels. The SDK documentation helps application integrators avoid flaws in the custom code that users or other applications can exploit to damage the system intentionally or non-intentionally. In the integration concepts and explanations of the APS API, you can find the notes and warnings about restrictions and possible consequences of a vulnerable code. The application certification process contains the thorough validation rules in the Technical Review step to ensure the application quality, especially in the scope of security.
We want all the parties cooperating on the basis of the APS ecosystem to be confident in the protection of their integrated software systems and sensitive data from theft or damage as well as from disruption or misdirections of the services provided by those applications.
For this purpose, the following documents help you understand the main concepts of the APS embedded security model and provide recommendations that help you keep your systems protected from possible attacks or misbehavior.