To improve the safety of the Copernica software, some functionality will be switched off at the end of the year. The main changes concern the access rights of users and the old login method of the SOAP API. We therefore ask you to check the access rights of your users and, if you use the SOAP API, to upgrade to the new system based on access tokens.
APIs and security
Copernica has two APIs that programmers can use to link websites, apps or other programs with Copernica's software: a REST API and a SOAP API. Both APIs can be accessed using so-called 'access tokens'. These are long strings of characters that are extremely hard for an attacker to guess (provided that you keep them secret). However, you can also log in to the SOAP API with a username and a password, which is a less safe method: passwords can be guessed, especially when they are short and simple. This is why we recommend switching to a system with access tokens only.
Even if you do not use the SOAP API yourself, your attention is required. There may be users within your account that have (unnecessary) 'API access' enabled. Their password then grants access to the SOAP API even though there is no need for it. Anyone with malicious intentions who cracks such a password can read or modify your data under that user's identity. This is why it is better to remove API access from all users.
In short: check whether any users have API access and remove it. Are you using the SOAP API? Switch to access tokens to improve the safety of your account.
Configuring access tokens
Access tokens can be configured through the dashboard on the Copernica website. If you have multiple applications that need access to the API, you can create a separate access token for each of them. If you suspect that an access token has been compromised, or want to withdraw it for any other reason, you can revoke it through the same dashboard. You can enable read and write access per token, so that a token which only needs to read data can never make unwanted changes to it. You can upgrade to the system with access tokens by following the steps below.
- Go to the user dashboard in the software and remove API access from all users.
- Go to the dashboard on the Copernica website and create a new access token for your application.
- Change your scripts to use the access token.
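As an illustration of the last step, here is an added example (not Copernica's own code) of a small REST client that reads the token from an environment variable instead of hardcoding it, treats a 401/403 as a revoked or mistyped token, and redacts the token before a URL is logged. The endpoint `https://api.copernica.com/v3` and the `access_token` query parameter are assumptions, as is the `COPERNICA_ACCESS_TOKEN` variable name; the fake opener is a constructed stand-in so the code runs offline.

```python
import json
import os
from urllib import error, request
from urllib.parse import urlencode

# Assumed REST endpoint and token parameter name; neither is stated on the page.
API_BASE = "https://api.copernica.com/v3"
TOKEN_PARAM = "access_token"


class TokenRejected(Exception):
    """The API refused the token: revoked in the dashboard, mistyped, or lacking rights."""


def load_token(env=os.environ, var="COPERNICA_ACCESS_TOKEN"):
    """Read the token from the environment so it never sits in the script or the repo."""
    token = env.get(var, "").strip()
    if not token:
        raise RuntimeError(f"{var} is not set; not falling back to a username/password login")
    return token


def build_url(path, token, params=None):
    query = dict(params or {})
    query[TOKEN_PARAM] = token
    return f"{API_BASE}/{path.strip('/')}?{urlencode(query)}"


def redact(url, token):
    """Strip the token before a URL is written to any log (query strings end up in logs)."""
    return url.replace(token, "<redacted>")


def api_get(path, token, opener=request.urlopen, params=None):
    url = build_url(path, token, params)
    try:
        with opener(url, timeout=10) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except error.HTTPError as exc:
        if exc.code in (401, 403):
            raise TokenRejected(f"HTTP {exc.code} for {redact(url, token)}") from None
        raise


def fake_opener(valid_token):
    """Constructed stand-in for urllib.request.urlopen so the example runs offline."""
    class Resp:
        def __enter__(self): return self
        def __exit__(self, *args): return False
        def read(self): return json.dumps({"total": 2}).encode("utf-8")
    def open_(url, timeout=10):
        if f"{TOKEN_PARAM}={valid_token}" not in url:
            raise error.HTTPError(url, 401, "Unauthorized", {}, None)
        return Resp()
    return open_
```

Pass `request.urlopen` (the default) instead of `fake_opener(...)` to talk to the real API; revoking the token in the dashboard then surfaces in your script as a `TokenRejected` error rather than a silent failure.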
Security measures from Copernica
Of course Copernica has also taken measures on its side to protect your account: it is no longer possible to grant API access to new or existing users. API access can only be withdrawn, so the number of users with access can only go down. By looking at the logs we have tried to identify which users no longer use the API and have disabled access for them. Despite these measures, we advise you to go to the user dashboard and check that no users still have unnecessary access to the API.