At AccountingSuite™ we take data security seriously, and we expect our Integration Partners to use the best efforts in securing our user data. Our responsibility is to ensure that AccountingSuite™ products and services are secure. Your responsibility is to ensure that you follow secure practices for integrating with the AccountingSuite™'s software and services.
Integration Partners are required to use industry best practices to implement access and security controls in order to safeguard sensitive information, including Application Keys. Integration Partners are required to implement security best practices in their application for all endpoints when writing to, or reading from, an AccountingSuite™ endpoint.
Serving all redirect URLs using the Transport Layer Security (TLS) protocol; and
Securely storing and transmitting Application Keys, Access Tokens, Authorization Codes, Refresh Tokens, Client Secrets and other credentials.
Integration Partners must have a strong password for their AccountingSuite™ account. If you are using Google to sign-in, ensure you have adequate protection in place for Google account access. Ensure that any AccountingSuite™ keys are stored/transmitted safely and securely, and that they are protected from accidental exposures.
Ensure that data containing Personally Identifiable Information (“PII”) that belongs to AccountingSuite™ end-user accounts are redacted (as text or as image) before saving to your systems. If your application plans to send or receive PII using an AccountingSuite™ integration, please ensure your systems are compliant with security needs and compliance laws.
AccountingSuite™ generates a hash of the response's body with the Signature Secret Key and attaches it to Response payload's header. You should verify the signatures by creating the hash and comparing with the one from the message.