Security Considerations
The Salla API offers a straightforward RESTful interface with lightweight JSON-formatted responses, enabling the use of various features within the Salla system. This document provides essential security information for developers integrating with the Salla API.
REST APIs utilize HTTP and support Transport Layer Security (TLS) encryption. TLS is a standard that ensures a private internet connection and verifies that the data exchanged between systems (whether between servers or between a server and a client) is encrypted and unaltered.
OAuth
OAuth is designed to allow third-party applications to access APIs without requiring users to share their passwords. Merchants are asked to authorize you, as the service provider, to access only specific portions of their account. Salla currently supports OAuth 2.0 as the primary method for authorization and authentication.
:::tip[]
Read more about OAuth in the documentation.
:::
APIs
API requests must be made using HTTPS; HTTP requests are not permitted. The Salla API prevents anonymous users from accessing sensitive information, ensuring that access is granted only through Salla Partners Portal applications using OAuth.
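A client-side guard for the HTTPS-only rule above, as an added example that is not Salla's own code: it refuses non-HTTPS URLs and redirects, so an OAuth bearer token is never attached to or forwarded over plain HTTP, and it drops the token when a redirect changes host. `API_BASE`, the `/resource` path and the token value are placeholders, and all helper names are hypothetical.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit

API_BASE = "https://api.example.invalid/v2"  # placeholder, not the real base URL


class InsecureTransportError(ValueError):
    """Raised when a request or redirect would leave HTTPS."""


def require_https(url):
    """Return url unchanged if it is an absolute https:// URL, else raise."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise InsecureTransportError(f"refusing non-HTTPS URL: {url!r}")
    return url


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Block redirects to http:// and strip the token on cross-host redirects."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        # urllib copies request headers to the redirected request by default,
        # so the bearer token must be removed explicitly when the host changes.
        if new is not None and urlsplit(newurl).hostname != urlsplit(req.full_url).hostname:
            new.remove_header("Authorization")
        return new


def build_request(url, access_token):
    """Attach the OAuth 2.0 access token only after the scheme check passes."""
    return urllib.request.Request(require_https(url), headers={
        "Authorization": f"Bearer {access_token}",
        "Accept": "application/json",
    })


def make_opener():
    """Opener with certificate and hostname verification and TLS 1.2 or newer."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx), HttpsOnlyRedirects())

# Usage: make_opener().open(build_request(API_BASE + "/resource", token), timeout=10)
```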