Security measures between your client to our API server
Security of the API is accomplished by only accepting connections over the HTTPS protocol. This ensures that all data flow is encrypted in both ways.
In the past, we have recommended checking the certificate fingerprint for an additional layer of security. However, for practical reasons, this is no longer recommended, since the fingerprint will change everytime the certificate is renewed. Additionally, the added security benefit is limited, since our certificates are issued by a globally trusted provider.
How to disable fingerprint checking
If you are using our PHP client, an update to the latest version (v1.9.1+) will disable fingerprint checking.
If you are using your own client, you may not even have implemented fingerprint checking. But if you have, please find the fingerprint checking code and remove or disable it.
Security measures between the API server and your database server
In some cases, our API server connects with your database server. To provide security to your database instance, we recommend using encryption. We have written a manual for this procedure, which can be found here: PostgreSQL SSL Manual.
If you prefer whitelisting as an additional security measure, you may use these instructions: Database Whitelisting. But we strongly recommend against using whitelisting, because your configuration may break as we add additional API servers.