Security of APIs & Integration Interfaces

LLN Robot protects integration interfaces with multiple controls beyond basic authentication:

  • Transport security: All API traffic is encrypted in transit (HTTPS/TLS 1.2+).
  • Scoped access: API usage is restricted to authorised admin users through role-based access control (RBAC).
  • Key-based authentication: The student data API requires an API key presented in the Authorization header; keys are managed by an administrator and can be rotated at any time.
  • Secure configuration & hardening: We follow recognised industry baselines for system hardening and restrict unnecessary services and ports.
  • Secure development and testing: Security testing is aligned to OWASP principles, covering session handling, authentication and authorisation, input validation, error handling, and logging. Periodic external penetration tests are performed, and identified issues are remediated promptly.
  • Patch management: Cloud resources, application runtimes, and dependencies are patched under a formal patch management policy and change control process.

We do not implement client-specific custom hardening such as per-tenant IP allow-lists or unique session policies.
