The Socital service is designed to provide maximum security for your critical data. Please follow the guidelines provided in this document to make sure you are leveraging all the security features built into the Socital service.

 

Protect your API Key

Your “API Key” is provided in BASE64 encoding, in the Account Settings of your Socital account.
The API Key is a cryptographically random number used as a shared secret between your application and Socital. Anyone who gains access to this Key can pretend to be you and perform actions on your users on your behalf, so it is crucial to protect it. Take extra caution and never use the API Key on a client, where malicious users could gain access to it. If for any reason you suspect this Key has been compromised, you can generate a new API Key from your Account Settings.

 

Load the Socital JavaScript snippet over HTTPS when used on Secured Web Pages

The Socital service supports HTTPS, meaning that you have the choice to communicate with the Socital service over a secure connection (SSL).
When integrating the Socital service within a secured page (for example, in your login page), it is highly recommended to communicate with the Socital service over a secured connection as well.
Implementing this is very simple. All you need to do is load the Socital JavaScript snippet file from our HTTPS domain. This not only loads the snippet code itself over HTTPS but also causes the snippet to perform all its communications with the Socital server over HTTPS.

On secured pages, the line of code should be:
<script src="https://app.socital.com/socital.js" socital-plugin-id="PLUGIN-SPECIFIC-ID"></script>

Note:
If you are using generated code or one of our code examples, the above line should replace the equivalent line that loads Socital’s JS snippet file from an HTTP domain.
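
An added example (not Socital's own code) of a check you could run in a build or test step against rendered page source: it flags a Socital snippet loaded over plain HTTP on a secured page, and any occurrence of the API Key in client markup. The function names, the sample page and key, and the assumption that the snippet is always a file named socital.js on a socital.com host are ours.

```javascript
// Added example: audit rendered page source for the two mistakes described above.
// Collect the src attribute of every <script> tag (double, single or no quotes).
function scriptSources(html) {
  const sources = [];
  const tagRe = /<script\b[^>]*>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const m = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(tag[0]);
    if (m) sources.push(m[1] ?? m[2] ?? m[3]);
  }
  return sources;
}

// Assumption: the snippet is served as /socital.js from socital.com or a subdomain.
function isSocitalSnippet(url) {
  const host = url.hostname.toLowerCase();
  const onSocital = host === "socital.com" || host.endsWith(".socital.com");
  return onSocital && url.pathname.endsWith("/socital.js");
}

// Returns a list of findings; an empty list means both guidelines are met.
function auditPage(html, pageUrl, apiKey) {
  const findings = [];
  const page = new URL(pageUrl);
  for (const src of scriptSources(html)) {
    let url;
    try { url = new URL(src, page); } catch { continue; } // skip unparsable src
    // Relative and protocol-relative URLs are resolved against the page first.
    if (isSocitalSnippet(url) && page.protocol === "https:" && url.protocol !== "https:") {
      findings.push({ issue: "snippet-not-https", src });
    }
  }
  // BASE64 keys may contain + / =, so also look for the URL-encoded form.
  const forms = apiKey ? [apiKey, encodeURIComponent(apiKey)] : [];
  if (forms.some((k) => html.includes(k))) {
    findings.push({ issue: "api-key-in-client", src: null });
  }
  return findings;
}

// Constructed sample key and page, for illustration only (not real values).
const SAMPLE_KEY = "CONSTRUCTED+sample/key==";
const SAMPLE_HTML = `
<script src="http://app.socital.com/socital.js" socital-plugin-id="PLUGIN-SPECIFIC-ID"></script>
<script>var cfg = { key: "${SAMPLE_KEY}" };</script>`;

console.log(auditPage(SAMPLE_HTML, "https://shop.example/login", SAMPLE_KEY));
```

Pass the API Key to the check from server-side configuration such as an environment variable, so the audit itself never places the key in client-reachable code.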

 

Infrastructure

All of our infrastructure is hosted on Microsoft’s Azure platform so we’re standing on the shoulders of a giant that guarantees network security and availability.