📄️ API Scopes and Access Control
Machine to Machine interaction from a client platform to the Fenergo SaaS APIs is secured using the `Client Credential` Grant Type. One of the parameters passed in the Authentication Request Body is the Scope Parameter. In essence, this parameter asks the Authentication service to create an access token which has specific permissions. The Fenergo SaaS platform provides a granular way for clients to generate access tokens which only have the permissions they need to perform the specific function they are intended for. This approach to security is better known as the System of Least Privilege, and you can learn more about it in API Security and Best Practice.
📄️ API Security and Best Practice
Fenergo have provided API Endpoints and capabilities so clients can create and manage their integrations as per their own requirements. We have followed industry best practice in how those APIs are provisioned and secured, but clients must consider how they intend to use those APIs and what Security practices they intend to adopt. This document is intended to highlight common topics and suggested strategies that clients might want to follow.
📄️ SCIM Overview
SCIM (System for Cross-Domain Identity Management) is an industry standard specification designed to bring consistency to the management of user identities in cloud-based applications and services.
📄️ Encryption and BYOK
The protection of client data on our SaaS platform is of principal importance to Fenergo as a SaaS vendor. We manage the performance, availability & security of the platform and adhere to strict best practices and guidelines to not only follow a secure development process but to meet the high watermark of data protection expected by our clients. On the topic of data encryption, how it is applied to data in the following states is important:
📄️ External Authentication
Fenergo supports both mTLS (Mutual Transport Layer Security) and OAuth 2.0 Client Credentials on outbound traffic originating from the following services:
📄️ API Rate Limits
Fenergo's platform is designed with a number of safeguards in place to prevent bursts of incoming traffic, maximising the performance and stability of the product for all users.