Did you know our DOTS Global Address Complete comes equipped with custom keys? Other Service Objects services use our traditional API keys, where a backend is calling our APIs and there is no worry of exposing those license keys to the public. This security concern is different in Global Address Complete, since this is usually a Javascript implementation.
An important part of developing web apps and calling APIs directly from Javascript is to be able to secure any license keys that you cannot hide in the backend. Our custom keys are designed to give you security when using the keys in Javascript. While it isn’t 100% fail proof, the custom key can be locked down by domain, meaning that if someone swipes your license key, it generally will not work in other places.
There are many ways that these custom keys can be used. In this blog we present various options and best practices with respect to how the restrictions can be set up on a custom key.
Trial Environment
Our trial environment allows you to try out our global address verification service and see how you can get up and running before spending anything. Custom trial keys are provided unrestricted to domain, because developers are often working with various domains, and may not know exactly where they can start testing. Domains can also change in testing quickly, and most often developers are working in a localhost environment. As a result, putting domain restrictions on the custom key at the release of the key doesn’t make much sense.
However, once the development has moved along and you have things working as desired, the next step is to test restrictions against a domain. In this case you will publish your web development to a specific domain and then can send us the name of the domain, so that we can adjust the backend settings on the custom key to be restricted to the domain(s) that you provide.
Live/Production Environment
Your live or production environment is where you really need to start considering security of your license key. When you are satisfied with your testing, you will be provided a production license key, and will need to switch out your trial key to the production key and change one of the settings you configured in setup: IsTrial (true by default) needs to be set to false. Once you have the key updated and the setting changed, you will be ready to use our production version of the service. Before publishing your web app, you should let us know which domains you want restricted on your key, if you haven’t already done so through the production key sign up process. Once that is in place, you are safe to publish your web app.
Using Multiple Keys
There are scenarios in which you may need multiple custom keys. For example, when you are doing ongoing testing of your application beyond a trial scenario, it will be important to have additional custom keys that you can request, that pull from your production count of available transactions. You can keep your production key as is with the restrictions you need, and have another production custom key with different or no restrictions that you can use in a testing environment.
We are here to help!
These a few examples of how you can use our custom keys for Global Address Complete. One of the best ways to figure out how you should be using the custom keys is to get on a call with one of our technical support staff, where we can review your environment and goals and provide recommendations and best practices.
It is always important to have your strategy for testing and going live worked out early on, to avoid any surprises along the way. There is plenty of additional information in our developer guides that can help you get started, including a quick integration guide. Be sure to read through most of the material in the developer guide so as to not miss any other interesting features of the service, such as the Javascript Options or events.