Best practices for use

This article presents a set of best practices to ensure the safe use of the WebService A2A module. If you have any questions, please contact our support team.

Set only one credential per WebService A2A authorization

Set only one credential per WebService A2A authorization to minimize risk. This practice ensures that each authorization is tied to a single credential, centralizing activity tracking. In the event of a vulnerability, a quicker response is facilitated by deactivating a single credential without the need to manage several.

Restrict origin IP for WebService A2A authorization

Restrict the origin IP of WebService A2A authorizations to the servers (and their redundancies) managing applications requiring access to senhasegura credentials. Apply the principle of least privilege by defining a policy that grants access only to servers requiring the use of credentials managed by senhasegura.

Prefer OAuth 2.0 over OAuth 1.0

Choose OAuth 2.0 as your authentication method over OAuth 1.0 for enhanced security. Always prioritize using the latest standards that align with robust security levels and are compatible with your technology assets.

Enable encryption and information segmentation

Enable encryption of sensitive information for queries through the senhasegura API. Segregate the credential query module and the sensitive information decryption module, assigning these tasks to different developers to prevent access to complete information by any single individual.

Implement dynamic credential retrieval during execution

Implement a mechanism to dynamically retrieve credentials during application execution, avoiding the need to store them in any file. Storing credentials outside senhasegura management exposes them to unauthorized access, compromising the traceability of queries and risking irresponsible use.

Create a local cache of credentials

Instruct programmers to create a local cache of credentials with a controlled lifetime. This practice ensures uninterrupted application functionality, even during senhasegura unavailability, by allowing queries from the local cache.

Align local cache lifetime with password rotation time

Align the lifetime of the local cache with the password rotation time of senhasegura. This ensures that the password stored in the local cache remains current, preventing authentication issues due to outdated credentials during senhasegura unavailability.

Handle connectivity errors and verify password rotation

Advise programmers to recheck senhasegura in case of a connectivity error with the password query. Given frequent password rotations based on senhasegura settings, verifying password currency is crucial to prevent local cache obsolescence and potential authentication failures.