Security

Documentation regarding details around security when utilizing Slingshot API.

Access Key

An Access Key is issued from Raven via the Slingshot Portal Server to Slingshot customers. A Slingshot portal account is required to request an Access Key. Access Keys are used to grant access to a customer's Slingshot data and are provided to ISV's by Slingshot customers and may be revoked by the Slingshot customer at any time.

Authorization

After a request is authenticated, an authorization check will be performed using the Access Key that is part of the request. This Access Key will be used to control how much data will be returned to the client based on the account delegation configuration on the Slingshot Portal Server.

Rate Limiting

In order to prevent abuse, all calls to the API are subject to a rate limit of 30 calls per every 60 seconds.

Encryption

Every request to the production Slingshot API Servers must be encrypted via SSL.

Result Set Paging

Result set paging is supported for some API calls. The number of results returned and the relative starting offset of the result set is controlled by several parameters.