Security

Recommendations to ensure best practices

Authentication

How API credentials are handled is outside the control of the application, and it represents the most common area where security can potentially be compromised.

ManageBac+

ManageBac uses an API token method for authentication. It is strongly recommended to include the token in the request header rather than as a query parameter. This helps prevent accidental exposure, as query parameters:

  • Can be visible in screenshots

  • May be copied, pasted, or stored unintentionally in browser histories or logs
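The sketch below is an added example, not ManageBac+ code. It refuses to build a request whose URL carries a credential, sends the token in a header instead, and redacts credential-like query values from log lines that were already written. The header name `auth-token`, the parameter names, and the `api.example.test` host are assumptions for illustration; confirm the real header name in the API reference.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

# Assumptions for illustration: the header name and the query parameter
# names treated as credentials. Adjust both to match your API reference.
TOKEN_HEADER = "auth-token"
SENSITIVE_PARAMS = {"auth_token", "token", "access_token", "api_key", "client_secret"}

def find_credentials_in_url(url: str) -> list[str]:
    """Return the names of credential-like query parameters present in url."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS]

def build_request(url: str, token: str) -> Request:
    """Build a GET request that carries the token in a header, never in the URL."""
    if find_credentials_in_url(url):
        raise ValueError("credential found in query string; move it to a header")
    return Request(url, headers={TOKEN_HEADER: token}, method="GET")

def redact_url(url: str) -> str:
    """Replace credential-like query values so the URL is safe to log or share."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def redact_log_line(line: str) -> str:
    """Redact every URL found in a log line (stops at whitespace or quotes)."""
    return re.sub(r"https?://[^\s\"']+", lambda m: redact_url(m.group(0)), line)

# Constructed sample data (not a real endpoint, token, or log entry).
SAMPLE_URL = "https://api.example.test/v2/students?page=2&auth_token=abc123"
SAMPLE_LOG = f'10.0.0.5 "GET {SAMPLE_URL}" 200'

if __name__ == "__main__":
    print(redact_log_line(SAMPLE_LOG))
    req = build_request("https://api.example.test/v2/students?page=2", "abc123")
    print(req.full_url, req.header_items())
```

Redaction only limits further spread of a logged token; a token that has already appeared in a URL should still be refreshed.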

OpenApply

OpenApply uses OAuth2, an industry-standard method for secure API authentication. Each integration requires an API ID and secret, which should be treated like a password.

To minimize risk:

  • Store the ID and secret securely in your integration platform

  • When sharing credentials with a third party, use separate channels (e.g., share the ID by secure email and the secret by text message)

  • Avoid sending credentials in plain text via email or storing them in documents with broad access

Data in Transit

All API traffic is transmitted over HTTPS, ensuring that data exchanged between systems is encrypted and secure in transit.

Mitigating Risk

Think of your API credentials as a passcode to your school’s data. Because they grant access to sensitive information, they must be handled with care.

To help you manage this, both the ManageBac+ and OpenApply API Managers include security tools:

  • Revoke credentials at any time: If credentials are accidentally exposed, you can immediately disable them.

  • Generate new credentials: Refreshing your ID and secret invalidates the previous ones, rendering them useless even if compromised.

If you believe credentials may have been mishandled, we recommend refreshing them right away. This simple step ensures continued protection of your data.

As a best practice, rotate your credentials every 6 months. OpenApply will occasionally provide reminders, and our support team is available to assist with this process.

By following these guidelines, you can help keep your school’s systems and data safe.
