ABC HTTP web services adhere to the security parameters established for all ABC web services.
Additionally, no HTTP web services include payment card data. Personal account numbers such as credit card numbers, bank account numbers, etc. are not transmitted via HTTP web services.
The HTTPS protocol is required. This protocol ensures an encrypted secure HTTP connection between the client and server over the internet.
All HTTPS requests are authenticated with a user ID and password. ABC assigns and maintains user IDs and passwords.
There are two levels of authorization:
Access is granted by club number and web service operation.
Additional security is enforced through club number. Each Web Service request requires a club number (entity ID). Integration partners are granted access to specific club numbers. For example, integration partner XYZ may be granted access to club number 1234, but not to club number 5678. An attempt to access club number 5678 by this partner will result in an HTTP error such as "401 Authorization Required."
The club number is a four digit number that uniquely identifies an ABC club. ABC is responsible for establishing and maintaining club numbers. Example values include 5436, 1245, and 9875. An incorrect club number will trigger a response of HTTPS 401. This value indicates that authorization is required before access to this club's data will be allowed. ABC will provide appropriate club numbers.
Web Service Operations enforce club number security. For example, the Prospect web service has three operations: InsertProspect, updateProspect, and deleteProspect. Integration partners are granted access to specific operations within a club number. For example, integration partner XYZ may be granted access to club number 1234 for operation insertProspect, but not for operation deleteProspect. An attempt to access club number 5678 with operation deleteProspect by this partner will result in an HTTP error such as "401 Authorization Required."