The Socital service is designed to provide maximum security for your critical data. Please follow the guidelines provided in this document to make sure you are leveraging all the security features built into the Socital service.
Protect your API Key
Your “API Key” is provided in BASE64 encoding, in the Account Settings of your Socital account.
The API Key is a cryptographic random number used as a shared secret between your application and Socital. Anyone who gains access to this Key may pretend to be you and perform actions on your users on your behalf, therefore it is crucial to protect the API Key. Take extra caution and never ever use the API Key on a client where malicious users could gain access to it. If for any reason you suspect this Key has been potentially compromised you can generate a new API Key from your Account Settings.
The Socital service supports HTTPS, meaning that you have the choice to communicate with the Socital service over a secure connection (SSL).
When integrating the Socital service within a secured page (for example, in your login page), it is highly recommended to communicate with the Socital service over a secured connection as well.
On secured pages, the line of code should be:
<script src=”https://app.socital.com/socital.js” socital-plugin-id=”PLUGIN-SPECIFIC-ID” ></script>
If you are using generated code or one of our code examples, the above line should substitute the equivalent line that loads Socital’s JS snippet file from an HTTP domain.
All of our infrastructure is hosted on Microsoft’s Azure platform so we’re standing on the shoulders of a giant that guarantees network security and availability.