The Visiblefarm system uses two-way SSL/TSL encryption for communication, via an HTTPS channel opened with server and client-side certification. The HTTPS communication is coded both on server-side certification and on client-side certification, so a handshake communication secure for both sides is realized. Customers can register their own certification on the VisibleFarm API Administration site.
The system uses multiple authentication. Users have their own passwords ensuring login to their own fixed admin interface. All users might request as many API accounts as desired for the customers (APIAccount). Own database storage space and access right management can be set for all accounts. This encapsulates the consistent data set on the level of data management. Multiple users might access all APIAccounts using various access rights (data upload, data query, master data query). These are controlled by the person who created the access. Using these, the login to VisibleFarm API takes place on the level of these accesses (APIAccount).
In the first steps of the prompts, the user logs in to API (APIAccount) via an HTTPS channel initialized with a certification registered by the user, using AccountName and AccountPassword assigned to the user. After a successful login the system generates a JSON Web Token (JWT) identification, containing the base data and validity of the customer and the connection in an encrypted way. All other calls must include this Token. It is also contained in the server’s responses, where its value might be refreshed.
In the system responses of login, the system communicates the base data of the access, and in every few days it randomly refreshes the AccountPassword. The system of the user must save this for next use. If necessary, the AccountPassword might be re-initialized on the user’s admin interface.
The management of access has two stages, user based, and Account-Role based. Users of VisibleFarm can define various accesses and customer databases, which clearly determine the data set involved. The user has access to all registered customer data on an admin level, but on API level only the data of certain customers will be accessible and can be manipulated.
Users can add further users with various roles to their own APIAccounts that they maintain; so they have a specific level of access to customer data. Every role could have a “read” for queries, “write” for create and update and “delete” access with any kind of combinations. However there could be only one active datamaster role for a given database.
The possible roles: