...
- All personally identifiable information (PII) is pseudonymised before stored into the database
- Reporting endpoints are secured by OAuth2 authentication
- Management endpoints are secured by HTTP Basic authentication - only minimum set of endpoints are exposed by default, see Accounting Service management
| Note |
|---|
NOTE: As Basic Authentication mechanism provides no confidentiality protection for the transmitted credentials it is recommended that the management endpoints are not exposed to the public network or HTTPS must be configured to provide confidentiality. |
...