3. HTTP API Services Security
Set the security level for each HTTP API service via the 2N IP intercom configuration web interface on the Services / HTTP API tab: disable/enable a service and select the required communication protocol and user authentication method.
 |
- HTTP – send requests via HTTP or HTTPS. Both the protocols are enabled and the security level is defined by the protocol used.
- HTTPS – send requests via HTTPS. Any requests sent via the unsecured HTTP are rejected by the intercom. HTTPS secures that no unauthorised person may read the contents of sent/received messages.
Set authentication methods for the requests to be sent to the intercom for each service. If the required authentication is not executed, the request will be rejected. Requests are authenticated via a standard authentication protocol described in RFC-2617. The following three authentication methods are available:
- None – no authentication is required. In this case, this service is completely unsecure in the LAN.
- Basic – Basic authentication is required according to RFC-2617. In this case, the service is protected with a password transmitted in an open format. Thus, we recommend you to combine this option with HTTPS where possible.
- Digest – Digest authentication is required according to RFC-2617. This is the default and most secure option of the three above listed methods.
We recommend you to use the HTTPS + Digest combination for all the services to achieve the highest security and avoid misuse. If the other party does not support this combination, the selected service can be granted a dispensation and assigned a lower security level.