Integration of External Services

Security procedure and permissions

Anders Ingemann, Operations Manager & Developer
Published March 16, 2021

External services that integrate with Orbit are given a minimal set of permissions required to perform their function.

Validation rules

External access is validated through the token authentication described in the article "User access to Orbit". Orbit Online keeps an encrypted backup of those tokens. However, their safekeeping on the customer side is undoubtedly the responsibility of the customer.

Transferring of the access token

The tokens are transferred via a two-channel method. Commonly, Orbit Online encrypts the secret strings with a password, sends the ciphertext via email, and transmits the encryption key via either a phone call or text message. Upon transmission, both the ciphertext and the password are deleted from Orbit Online’s records. This reduces the likelihood of an attacker gaining access to Orbit if one, or both, communication channels should suffer a security breach.

Orbit Online recommends that your organisation follows the same procedure.
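
The two-channel hand-over described above, sketched with the openssl command line as an added example (not Orbit Online's own tooling). The cipher, iteration count, function names and token value are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example: two-channel hand-over of an access token using openssl.
# Cipher, iteration count, function names and the token are assumptions.

ITER=200000   # PBKDF2 iterations (assumed value; both sides must use the same)

# Random passphrase for channel 2 (phone call or text message).
new_passphrase() {
  openssl rand -base64 24
}

# Encrypt the token read from stdin; prints base64 ciphertext for channel 1.
# The passphrase goes through the environment so it never appears in argv.
encrypt_token() {
  TOKEN_PASS="$1" openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt -a \
    -pass env:TOKEN_PASS
}

# Recipient side: base64 ciphertext on stdin, passphrase as argument.
# openssl enc has no integrity check, so a non-zero exit is the only signal
# that the passphrase or ciphertext was wrong.
decrypt_token() {
  TOKEN_PASS="$1" openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -a \
    -pass env:TOKEN_PASS 2>/dev/null
}

demo() {
  token='orbit-example-token-0000'   # constructed placeholder, not a real token
  pass=$(new_passphrase)
  ct=$(printf '%s' "$token" | encrypt_token "$pass")

  printf 'Channel 1 (email), ciphertext:\n%s\n' "$ct"
  printf 'Channel 2 (phone/SMS), passphrase: %s\n' "$pass"

  # The recipient needs both pieces to recover the token.
  printf 'Recovered: %s\n' "$(printf '%s\n' "$ct" | decrypt_token "$pass")"

  # After transmission the sender keeps neither piece; nothing was written to disk.
  unset token pass ct
}

demo
```

Neither message is useful on its own: the email holds only salted ciphertext, and the passphrase sent by phone or text decrypts nothing without it.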
