
Web Service Security


Let's see the main security issues you should be aware of when using Kuveyt Türk Web Service-API services.

  • Ensure that web services are accessed only by authorized sources. Security configuration should be made using the necessary components (Switch, Router, Firewall, etc.).
  • Valid and up-to-date server certificates and the TLS protocol must be used in web service communication.
  • Access to web services and the use of related functions should be controlled by predefined validation and authentication mechanisms, and unauthorized access should be prevented.
  • Various filters (time and IP filters) must be applied as part of the communication, simultaneously or interchangeably. The two types of filtering used are:
      1. The time filter ensures that the web service and/or function can only be accessed during specific time periods.
      2. The IP filter ensures that the web service can only be accessed from specific IP address blocks.
  • The messages used within the web service must be checked for compliance with the specified XML schema. Requests that fail validation should not be accepted.
  • In case of intensive use, the necessary infrastructure must be in place to ensure uninterrupted access to the service. In this context, the load of incoming requests must be balanced.
  • A capacity for the size of outgoing and incoming XML messages should be determined per web service function. Incoming requests should be rejected if they exceed the capacity, while outgoing requests should be configured to prevent capacity overruns.
  • Outgoing and incoming messages should be scanned for any malware/malicious code snippets, and those carrying malicious content should be rejected.
  • All kinds of access information (IP, function, user, etc.) for web services should be recorded.
  • Web services should be constantly checked, and necessary updates should be made according to changing technology and needs. Updates should also include measures for canceled functions and users, if any. If unauthorized access is detected while examining the records, security measures should be increased.
  • Necessary authorizations should be made for each newly added web service and function, and definitions should be checked in user updates.
  • Your username and password are personal to you. Do not store this information openly anywhere, and do not share it with third parties, even for support purposes. If you do so, please contact our bank immediately.
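
The time filter, IP filter and per-function message capacity from the list above can be combined into one deny-by-default gate that runs before a request is processed. This is an added example, not Kuveyt Türk code; the function names, address blocks, time windows and size limits are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class FunctionPolicy:
    """Per-function access policy (all values here are constructed samples)."""
    allowed_networks: tuple      # IP filter: permitted address blocks
    window_start: time           # time filter: window opens
    window_end: time             # time filter: window closes
    max_request_bytes: int       # capacity for incoming XML messages

# Hypothetical function names; addresses come from documentation ranges.
POLICIES = {
    "GetAccountStatement": FunctionPolicy(
        (ipaddress.ip_network("203.0.113.0/24"),), time(8, 0), time(18, 0), 64 * 1024),
    "NightlyBatchTransfer": FunctionPolicy(
        (ipaddress.ip_network("198.51.100.16/28"),), time(22, 0), time(2, 0), 1024 * 1024),
}

def in_window(now, start, end):
    """True if now is inside [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def check_request(function, source_ip, now, body_length):
    """Return (allowed, reason). Deny by default; log the reason with each decision."""
    policy = POLICIES.get(function)
    if policy is None:
        return False, "unknown_function"
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "malformed_source_ip"
    if not any(addr in net for net in policy.allowed_networks):
        return False, "ip_filter"
    if not in_window(now, policy.window_start, policy.window_end):
        return False, "time_filter"
    if body_length > policy.max_request_bytes:
        return False, "request_too_large"
    return True, "ok"
```

Checking the declared body length before reading or parsing the XML keeps oversized messages away from the schema validator, and the returned reason gives the access log a consistent value to record for every rejected call.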

Thanks to Kuveyt Türk's secure external apps, you can access banking solutions from various points.