Login
Updated on January 20, 2025

SDK Security

Estimated reading: 2 minutes 1805 views

Robility SDKs are built with enterprise-grade security measures to ensure safe development, deployment, and integration with the Robility platform. This guide explains the mechanisms and practices implemented to secure Robility SDKs. 

Standard SDKs are available as separate packages upon request to enable masking integration with Robility Manager. These SDKs are exclusively offered for the on-premises deployment model.

1. Secure Communication

a. TLS Encryption: All communication between SDKs and the Robility platform is encrypted using TLS (Transport Layer Security) to prevent data interception or tampering. 
b. HTTPS Protocol: SDKs require secure HTTPS endpoints to ensure safe data transmission. 

2. Authentication and Authorization 

a. OAuth 2.0: Robility SDKs use OAuth 2.0 for secure access to APIs, ensuring only authorized applications can connect to the platform. 
b. API Keys: Access to SDKs requires scoped API keys, restricting access to only necessary functionalities. 
c. Role-Based Access Control (RBAC): SDKs respect RBAC policies, ensuring users or services only have permissions relevant to their roles. 

3. Token Security 

a. Access Tokens: SDKs use short-lived access tokens for secure API interactions, minimizing the risk of token misuse. 
b. Refresh Tokens: Secure mechanisms allow refresh tokens to obtain new access tokens without reusing sensitive credentials. 
c. Session Management: Sessions expire automatically after a set period of inactivity, reducing exposure to session hijacking. 

4. Data Security 

a. Payload Encryption: Sensitive information in API requests, such as credentials or configurations, is encrypted to prevent unauthorized access. 
b. Data Masking: SDKs ensure sensitive information like passwords is not exposed in logs or debugging outputs. 

5. Secure Dependencies 

a. Validated Dependencies: SDKs rely on secure, verified libraries and dependencies to reduce the risk of vulnerabilities. 
b. Frequent Updates: Robility regularly patches SDKs and dependencies to address security concerns. 

6. SDK Version Control 

a. All SDK are regularly updated to patch vulnerabilities and improve security. 
b. Notify developers to deprecate older versions and enforce the use of updated ones. 

Best Practices for Using Robility SDKs Securely 

1. Use scoped API keys to grant the least privilege necessary for a task. 
2. Rotate access tokens and API keys periodically to reduce the risk of compromise.
3. Validate endpoint URLs and certificates to protect against man-in-the-middle (MITM) attacks. 
4. Monitor API logs to identify unauthorized access or potential misuse. 

Security - Previous API Security Guide
Share this Doc

SDK Security

Or copy link

CONTENTS