Bold360 and BoldChat Developer Center

Security issues and best practices

Here are some rules to follow when working with Bold360 AI APIs.

  • Use HTTPS, not HTTP.
  • When working with API keys:
    • Create API keys that have only enough privileges to accomplish the actions that will be performed with that key.
    • Create multiple API keys. For example, create a read-only key for users who will not perform write actions, and a separate API key for users with more privileges.
    • Limit the number of API keys that have read-write access to specific knowledge bases. Tightly control the IP addresses and referers that can use such keys.
    • Consider using an API gateway where the API keys will be added to valid requests from clients before being passed to the Bold360 AI server.
    • Schedule regular updates to API keys that have write access.
  • When working with Session IDs:
    • The lifetime of a session ID is short (the default is 3 minutes), which limits how long a leaked or intercepted session ID can be reused.
    • Session IDs are used with REST API endpoints that read from the knowledge base, not with endpoints that write to the knowledge base.
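
As an added illustration of the API-key and session-ID rules above (example code written for this page, not Bold360's own code and not part of the original text), the following gateway policy keeps the API keys server-side, picks the read-only key or the write key by HTTP method, enforces the IP and referer allow-lists, refuses requests in which a client tries to supply a key of its own, and checks the 3-minute session lifetime. The header name `X-Api-Key`, the upstream URL, the network ranges, the endpoint paths and the key strings are assumptions or constructed placeholders, not Bold360 specifics.

```python
# Added example (not Bold360's own code): an API-gateway policy that keeps the
# Bold360 AI API keys server-side and attaches the least-privileged key to each
# validated client request before it is forwarded upstream. Header name, upstream
# URL, key values, paths and network ranges are assumptions/constructed placeholders.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional
from urllib.parse import urlparse

READ_METHODS = {"GET", "HEAD"}
API_KEY_HEADER = "X-Api-Key"                      # assumed header name, for illustration only
UPSTREAM_BASE = "https://bold360ai.example/api"   # placeholder upstream; HTTPS only
SESSION_TTL_SECONDS = 180                         # the 3-minute default session lifetime


@dataclass
class GatewayPolicy:
    read_key: str                  # key with read-only privileges
    write_key: str                 # separate key with write privileges
    allowed_networks: List[str]    # who may use the gateway at all
    allowed_referers: List[str]    # hostnames accepted in the Referer header
    write_networks: List[str]      # tighter allow-list for the write key


@dataclass
class ClientRequest:
    method: str
    path: str
    source_ip: str
    referer: Optional[str] = None
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str
    upstream: Optional[dict] = None   # method/url/headers to forward when allowed


def _in_any_network(ip: str, networks: List[str]) -> bool:
    addr = ip_address(ip)
    return any(addr in ip_network(net, strict=False) for net in networks)


def _referer_host(referer: Optional[str]) -> Optional[str]:
    return urlparse(referer).hostname if referer else None


def build_upstream_request(req: ClientRequest, policy: GatewayPolicy) -> Decision:
    """Validate a client request and, if acceptable, attach the right API key."""
    # Clients never hold a key, so a client-supplied key header is rejected outright.
    if any(name.lower() == API_KEY_HEADER.lower() for name in req.headers):
        return Decision(False, "client must not supply an API key")
    if not _in_any_network(req.source_ip, policy.allowed_networks):
        return Decision(False, f"source {req.source_ip} not in allow-list")
    if _referer_host(req.referer) not in policy.allowed_referers:
        return Decision(False, "referer not permitted")

    # Write access gets the write key only from the tighter write allow-list.
    is_write = req.method.upper() not in READ_METHODS
    if is_write and not _in_any_network(req.source_ip, policy.write_networks):
        return Decision(False, f"write access not permitted from {req.source_ip}")

    headers = dict(req.headers)
    headers[API_KEY_HEADER] = policy.write_key if is_write else policy.read_key
    return Decision(
        True,
        "write key attached" if is_write else "read-only key attached",
        {"method": req.method.upper(), "url": UPSTREAM_BASE + req.path, "headers": headers},
    )


def session_id_is_fresh(issued_at: float, now: float, ttl: int = SESSION_TTL_SECONDS) -> bool:
    """A session ID older than its lifetime must be re-issued rather than reused."""
    return 0 <= now - issued_at < ttl


# Constructed sample policy: the key strings are placeholders, not real credentials.
EXAMPLE_POLICY = GatewayPolicy(
    read_key="READ_KEY_PLACEHOLDER",
    write_key="WRITE_KEY_PLACEHOLDER",
    allowed_networks=["10.0.0.0/8", "192.168.1.0/24"],
    allowed_referers=["support.example.com"],
    write_networks=["192.168.1.0/24"],
)

if __name__ == "__main__":
    # Constructed sample traffic: a read, a write from a read-only network, a
    # permitted write, and a client trying to smuggle in its own key.
    samples = [
        ClientRequest("GET", "/kb/articles", "10.0.0.5", "https://support.example.com/chat"),
        ClientRequest("POST", "/kb/articles", "10.0.0.5", "https://support.example.com/admin"),
        ClientRequest("POST", "/kb/articles", "192.168.1.10", "https://support.example.com/admin"),
        ClientRequest("GET", "/kb/articles", "10.0.0.5", "https://support.example.com/chat",
                      headers={"X-Api-Key": "smuggled"}),
    ]
    for s in samples:
        d = build_upstream_request(s, EXAMPLE_POLICY)
        print(f"{s.method} from {s.source_ip}: allowed={d.allowed} ({d.reason})")
```

The design point is that the key selection happens only after every allow-list check has passed, so a client can never influence which key is attached; rotating a write key then means changing one value in the gateway's policy rather than redeploying clients.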