Security

Transport

All requests are transmitted and responded to using HTTPS over TLS 1.2 with AES encryption.

Access Control

Registered applications of the integration API are granted permissions within SmartSuite in a similar way to user roles, and may be very granular. It is strongly recommended to grant the least permissible permissions for the integration to function correctly.

Authentication

The basic authentication username should be set to the 'Application Id', and the password should be set to the 'Application Password'.

Application passwords are created with the SmartSuite Web Interface. After creation, these are stored in hashed form and are non-retrievable. New application passwords can be generated, and old passwords revoked, should the need arise.

For Permissions required, see the Integration API documentation.

If your HTTP client does not support authentication schemes, it is possible to add an Authentication header to the HTTP request and calculate the content as follows:

username = "EE423C89-6E23-4444-ABD5-8BE6DAF0C66D"
password = "099D48AE-EC59-4FAE-95BA-6EA6BA670324"

token = username + ":" + password

header = "Authentication: Basic " + base64encode(token)

Reference:

• HTTP Basic Authentication
• Base64 Encoding