Security

When working with the Chargetrip API, your keys can be visible to anyone who makes an effort to look for it. That is why we recommend adding a layer of restrictions to build secure applications and prevent unauthorized use.

Note

Only one security implementation can be applied per x-app-id. If you would like to configure multiple different security levels, you will need to create multiple applications / x-app-id.

Web

A HTTP referrer allows restriction to URLs that can use an application ID / x-app-id. This is useful when building any type of web application. You can add as many URLs to a single application as you would like.

Machine-to-machine

To protect your keys when communicating from machine-to-machine, you can use IP addresses. You need to configure these addresses on your applications inside the dashboard.

Android

To restrict the use of an application ID on Android, you will need to provide your application identifier and debug / release certificate fingerprint. To use this restriction, you will need to send your identifier and fingerprint with every request by using the x-app-identifierand x-app-fingerprint headers.

iOS

An iOS bundle identifier can be used to restrict the use of an application ID / x-app-identifier on any iOS application. To use this restriction, you will need to send your bundle identifier with every request by using the x-app-identifier header.