Developer Security Requirements in AccountingSuite™

API Security

Shared Responsibility

At AccountingSuite™ we take data security seriously, and we expect our Integration Partners to use their best efforts in securing our users' data. Our responsibility is to ensure that AccountingSuite™ products and services are secure. Your responsibility is to ensure that you follow secure practices when integrating with AccountingSuite™ software and services.


Privacy Policy and Terms of Use

All AccountingSuite™ Integration Partners should keep the latest Privacy Policy and Terms of Use on their website, and the latest URLs to them in their AccountingSuite™ App entry in the Developer Portal, at all times.

Integration Security

Integration Partners are required to use industry best practices to implement access and security controls that safeguard sensitive information, including Application Keys. Integration Partners are required to apply security best practices in their application to every endpoint that writes to, or reads from, an AccountingSuite™ endpoint.

Integration Partners are required to serve every page that AccountingSuite™ end-users see over HTTPS (TLS).

A non-exhaustive list of these best practices includes:
  1. Implementing Cross-Site Request Forgery (CSRF) protection on redirect URLs;
  2. Serving all redirect URLs using the Transport Layer Security (TLS) protocol; and
  3. Securely storing and transmitting Application Keys, Access Tokens, Authorization Codes, Refresh Tokens, Client Secrets and other credentials.
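The first two items above, CSRF protection on the redirect URL and checking that it is served over TLS, are shown in the added example below. This is illustrative code written for this page, not AccountingSuite™'s own integration code: it uses the standard OAuth 2.0 `state` parameter pattern, and the authorization endpoint, client id and redirect URL are placeholders. The `session` argument stands in for whatever server-side session store your framework provides.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders for illustration only; take the real values from your
# application's registration in the Developer Portal.
AUTHORIZE_URL = "https://authorization-server.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://partner.example/oauth/callback"


def begin_authorization(session: dict) -> str:
    """Build the authorization redirect and bind a fresh, unguessable
    state value to the caller's server-side session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def complete_authorization(session: dict, callback_url: str) -> str:
    """Validate the redirect back to us. Returns the authorization code only
    when the state matches the one bound to this session; raises otherwise.
    The stored state is consumed so a callback cannot be replayed."""
    expected = session.pop("oauth_state", None)
    parsed = urlparse(callback_url)
    if parsed.scheme != "https":
        raise ValueError("redirect URL must be served over TLS")
    query = parse_qs(parsed.query)
    received = query.get("state", [""])[0]
    # Constant-time comparison so the check does not leak timing information.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback did not carry an authorization code")
    return code
```

The state must be bound to the user's session, not merely echoed back by the authorization server, which is why `complete_authorization` reads it from `session` rather than trusting any value in the URL.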

Notification for Security Breaches

Integration Partners are required to notify AccountingSuite™ by email to support@accountingsuite.com if/when any potential or actual breach incident is identified that may have compromised end-user data (including personally identifiable information) or security tokens (such as integration keys).

Compliance

Integration Partners should follow applicable laws and compliance policies, such as CCPA, GDPR and other local regulations, when working with AccountingSuite™'s client data.
Some of the practices include:
1. Requesting and retaining only the minimum data required for the integration;
2. Deleting data securely when it no longer needs to be retained;
3. Maintaining the provisions of our Privacy Policy; and
4. Disclosing the retention scope and policy to your end-users.

Account Security

Integration Partners must use a strong password for their AccountingSuite™ account. If you sign in with Google, ensure you have adequate protection in place for access to that Google account. Ensure that any AccountingSuite™ keys are stored and transmitted safely and securely, and that they are protected from accidental exposure.


Personally Identifiable Information

Ensure that data containing Personally Identifiable Information (“PII”) belonging to AccountingSuite™ end-user accounts is redacted (whether it appears as text or as an image) before it is saved to your systems. If your application plans to send or receive PII through an AccountingSuite™ integration, please ensure your systems meet the relevant security requirements and applicable laws.


API Rate Limits

Please read our Rate Limit details here.

API Version

We send the API/Webhook version as part of each payload so that your application can confirm it is parsing the expected response version. We are continuously improving our API features. By using the latest version, you can provide a consistent user experience and stay up to date with improvements and fixes.


Backward Compatibility

As we add new and popular features, we enhance our API/Webhook structure.

The following changes are considered backward compatible. To adapt to them without breaking, we recommend that developers design their application to tolerate each of the following:

  1. Adding new API/Webhook resources or endpoints;
  2. Adding new optional request parameters to existing APIs;
  3. Adding new response attributes to existing API/Webhook responses;
  4. Changing the order of attributes in existing API/Webhook responses;
  5. Changing the length or format of unique IDs in response (this length will not exceed 255 characters);
  6. Changing the length of values in response; and/or
  7. Adding new events for Webhooks.
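The added example below shows a webhook receiver written to tolerate the compatible changes listed above: it reads attributes by key rather than by position, keeps unknown attributes instead of rejecting them, enforces only the documented 255-character bound on IDs, checks the version field described under "API Version", and acknowledges events it does not yet recognise. This is illustrative code written for this page, not AccountingSuite™'s own code; the field names (`version`, `event`, `id`), the event names and the supported major version are assumptions, and the sample payloads are constructed.

```python
import json
from dataclasses import dataclass, field

MAX_ID_LENGTH = 255   # documented upper bound on unique ID length
SUPPORTED_MAJOR = 1   # hypothetical: the payload version this integration was built against

# Field names assumed for illustration; take the real ones from the API documentation.
KNOWN_FIELDS = {"version", "event", "id"}


@dataclass
class WebhookEvent:
    version: str
    event: str
    resource_id: str
    extra: dict = field(default_factory=dict)   # attributes added after this code was written


def parse_webhook(raw_body: bytes) -> WebhookEvent:
    """Parse a payload by key, never by position, keep unknown attributes
    instead of failing on them, and enforce only the documented ID bound."""
    data = json.loads(raw_body)
    version = str(data["version"])
    major = int(version.split(".")[0])
    if major != SUPPORTED_MAJOR:
        raise ValueError(f"payload version {version} is not supported by this integration")
    resource_id = str(data["id"])
    if not 0 < len(resource_id) <= MAX_ID_LENGTH:
        raise ValueError("resource id violates the documented length bound")
    return WebhookEvent(
        version=version,
        event=str(data["event"]),
        resource_id=resource_id,
        extra={k: v for k, v in data.items() if k not in KNOWN_FIELDS},
    )


# Hypothetical event names; each handler returns a description of the action it would take.
HANDLERS = {
    "invoice.created": lambda ev: f"index invoice {ev.resource_id}",
    "invoice.updated": lambda ev: f"refresh invoice {ev.resource_id}",
}


def dispatch(ev: WebhookEvent) -> str:
    """A new event type is a compatible change: acknowledge it rather than fail,
    so the sender does not see an error for an event we simply do not handle yet."""
    handler = HANDLERS.get(ev.event)
    if handler is None:
        return f"acknowledged unknown event {ev.event}"
    return handler(ev)


# Constructed sample payloads: attribute order differs between them, and the
# second carries an attribute and an event type that did not exist when the
# handlers above were written.
SAMPLE_V1 = b'{"event": "invoice.created", "id": "inv_001", "version": "1.0"}'
SAMPLE_V1_NEWER = b'{"version": "1.3", "id": "inv_002", "memo": "new field", "event": "invoice.archived"}'
```

Rejecting a payload because it carries an attribute or event you have not seen before is the most common way an integration breaks on a compatible change; the parser above only rejects what the documentation says will never happen (an ID over 255 characters) or what it genuinely cannot interpret (a different major version).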

Signature Secret Key

As part of our application registration process, we configure your application with a “Signature Secret Key” to help you detect received payloads that did not originate at AccountingSuite™, and to ensure the payload has not been tampered with in transit.

You can find this key next to the other authorization keys we generate after registration of your application. If you are not able to find it, please create a support ticket to receive this key.

AccountingSuite™ generates a keyed hash of the response body using the Signature Secret Key and attaches it to the response payload's header. You should verify the signature by computing the same hash over the received body and comparing it with the value from the header.
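The verification step just described, as an added example written for this page rather than AccountingSuite™'s own code. The page does not state the hash algorithm or the header name, so HMAC-SHA256 and the header name `X-Signature` are placeholders to be replaced with the values from the developer documentation; the secret and sample body are constructed. Two details matter in practice and are built in here: the hash is taken over the exact bytes received, before any JSON parsing, and the comparison is constant-time.

```python
import hashlib
import hmac
import json

# Placeholder: the real header name and hash algorithm come from the
# AccountingSuite developer documentation; HMAC-SHA256 is assumed here.
SIGNATURE_HEADER = "X-Signature"


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    """Keyed hash over the exact bytes on the wire (sender and receiver
    must both hash the raw body, never a re-serialised copy)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, received: str) -> bool:
    """Constant-time comparison; a plain == would leak timing information."""
    expected = compute_signature(secret, raw_body)
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


def handle_webhook(secret: bytes, headers: dict, raw_body: bytes) -> dict:
    """Verify before parsing: an unverified body must not reach json.loads
    or any business logic. Returns the parsed payload on success."""
    received = headers.get(SIGNATURE_HEADER)
    if received is None:
        raise PermissionError("missing signature header; payload rejected")
    if not verify_signature(secret, raw_body, received):
        raise PermissionError("signature mismatch; payload rejected")
    return json.loads(raw_body)


def reserialised_differs(raw_body: bytes) -> bool:
    """Why the raw bytes matter: parsing and re-encoding JSON can change
    whitespace or key order, which changes the digest even though the data
    is identical."""
    return json.dumps(json.loads(raw_body)).encode() != raw_body
```

Read the body as bytes from your framework's request object (most frameworks expose it separately from the parsed JSON) and pass those bytes unchanged to `verify_signature`; any trimming, re-encoding or pretty-printing in between will make a valid signature fail.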
