{"id":2978,"date":"2023-08-18T10:27:20","date_gmt":"2023-08-18T08:27:20","guid":{"rendered":"https:\/\/www.smsapi.com\/blog\/?p=2978"},"modified":"2024-01-29T15:59:41","modified_gmt":"2024-01-29T14:59:41","slug":"how-to-secure-account-smsapi","status":"publish","type":"post","link":"https:\/\/www.smsapi.com\/blog\/how-to-secure-account-smsapi\/","title":{"rendered":"How to secure your SMSAPI account?"},"content":{"rendered":"\n<p><strong>Secure your SMSAPI account &#8211; here&#8217;s how to protect your data and access to SMS gateway.<\/strong><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Security is not taken lightly here at SMSAPI. After all, our clients store sensitive data about their customers. The basic rules regarding password security will protect you against most threats. Furthermore, the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.smsapi.com\/blog\/sms-gateway-starting-guide\/\" target=\"_blank\">SMS gateway<\/a> offers numerous solutions to increase account and data security. Discover multifactor authentication, secure encryption, tokens, and IP listing. Stay safe, and never re-use your passwords!<\/p>\n\n\n\n<div class=\"wp-block-smsapi-blog-2021-infobox infobox infobox--info post-content--full-width\"><div class=\"infobox__icon\"><img decoding=\"async\" src=\"data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcKICAgd2lkdGg9IjEwMCUiCiAgIGhlaWdodD0iMTAwJSIKICAgdmlld0JveD0iMCAwIDEyIDE2IgogICBjbGlwLXJ1bGU9ImV2ZW5vZGQiCiAgIHhtbDpzcGFjZT0icHJlc2VydmUiCiAgIHZlcnNpb249IjEuMSIKICAgaWQ9InN2ZzYzIgogICB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxwYXRoCiAgICBzdHlsZT0iZmlsbDogcmdiKDE3LCAxOTIsIDEyOCk7IGZpbGwtcnVsZTogbm9uemVybzsiCiAgIGQ9Im03LjUxNDA1LDExbC0zLDBjMCwtMyAxLjYsLTQgMi43LC00LjZjMC40LC0wLjIgMC43LC0wLjQgMC45LC0wLjZjMC41LC0wLjUgMC4zLC0xLjIgMC4yLC0xLjRjLTAuMywtMC43IC0xLC0xLjQgLTIuMywtMS40Yy0yLjEsMCAtMi41LDEuOSAtMi41LDIuM2wtMywtMC40YzAuMiwtMS43IDEuNywtNC45IDUuNSwtNC45YzIuMywwIDQuMywxLjMgNS4xLDMuMmMwLjcsMS43IDAuNCwzLjUgLTAuOCw0LjdjLTAuNSwwLjUgLTEuMSwwLjggLTEuNiwxLjFjLTAuOSwwLjUgLTEuMiwxIC0xLjIsMnoiCiAgIGlkPSJwYXRoNTkiIC8+CiAgPHBhdGgKICAgIHN0eWxlPSJmaWxsOiByZ2IoMTcsIDE5MiwgMTI4KTsgZmlsbC1ydWxlOiBub256ZXJvOyIKICAgZD0ibTgsMTRjMCwxLjEwNSAtMC44OTUsMiAtMiwyYy0xLjEwNSwwIC0yLC0wLjg5NSAtMiwtMmMwLC0xLjEwNSAwLjg5NSwtMiAyLC0yYzEuMTA1LDAgMiwwLjg5NSAyLDJ6IgogICBpZD0icGF0aDYxIiAvPgo8L3N2Zz4K\"\/><\/div><div class=\"infobox__title\"><h4>What will an SMSAPI employee never ask you for?<\/h4><\/div><div class=\"infobox__content\">\n<ul class=\"wp-block-list\">\n<li>password,<\/li>\n\n\n\n<li>token,<\/li>\n\n\n\n<li>remote control of your computer,<\/li>\n\n\n\n<li>installing an application,<\/li>\n\n\n\n<li>a quick transfer or payment through a provided link.<\/li>\n<\/ul>\n\n\n\n<p>SMSAPI employee may ask you for the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>login,<\/li>\n\n\n\n<li>email address,<\/li>\n\n\n\n<li>public company information (name, address, VAT ID), and similar details.<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p>Why do we place such a strong emphasis on security? Because an SMS gateway is a tool for mass communication. Utilizing the tools presented below can significantly reduce the risk of losing access, funds or leaking confidential information. Explore SMS two-factor authentication, secure passwords, encryption, tokens, and IP address listing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SMSAPI has ISO 27001 certificate<\/h2>\n\n\n\n<p>Did you know that since 2021, <strong>SMSAPI has obtained the ISO 27001 certificate<\/strong>, which we renew annually? This guarantees a high-security standard and a responsible approach to data security and our infrastructure. We have been audited by one of the strictest certification organizations in Poland, T\u00dcV Nord Polska. Read more about the certification and how it changes users&#8217; perspective of the bulk SMS-sending platform.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-smsapi-blog wp-block-embed-smsapi-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"unUaFMo9fq\"><a href=\"https:\/\/www.smsapi.com\/blog\/smsapi-iso-27001-certificate\/\">SMSAPI with ISO 27001 Certificate<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;SMSAPI with ISO 27001 Certificate&#8221; &#8212; SMSAPI Blog\" src=\"https:\/\/www.smsapi.com\/blog\/smsapi-iso-27001-certificate\/embed\/#?secret=EzvSeiMoOF#?secret=unUaFMo9fq\" data-secret=\"unUaFMo9fq\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">24\/7365 Monitoring <\/h2>\n\n\n\n<p>Before we begin, you should know since November 2019, the Network Operations Center department has been operating in our headquarters. The team is responsible for continuously monitoring SMSAPI services and other bulk SMS platforms of LINK Mobility Group. <\/p>\n\n\n\n<p>The NOC works in shifts, allowing it to <strong>operate 24 hours, no matter the holidays and days off<\/strong>. Among their competencies are incident solving and malfunction maintenance after the working hours of our office. Furthermore, they create solutions that help<strong> <\/strong>during future incidents.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A secure password &#8211; strong, unique, and long<\/h2>\n\n\n\n<p>A strong and unique password is the foundation of your account&#8217;s security. But what does it mean for a password to be considered secure? First and foremost, your SMSAPI account password must consist of <strong>at least eight characters,<\/strong> including one uppercase letter and a number. Each additional character makes the password even more difficult to crack.<\/p>\n\n\n\n<div class=\"wp-block-smsapi-blog-2021-infobox infobox infobox--attention post-content--full-width\"><div class=\"infobox__icon\"><img decoding=\"async\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiB2aWV3Qm94PSIwIDAgMTAgMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgY2xpcC1ydWxlPSJldmVub2RkIiB4bWw6c3BhY2U9InByZXNlcnZlIiB2ZXJzaW9uPSIxLjEiPgogIDxwYXRoIGlkPSJzdmdfMSIgc3R5bGU9ImZpbGw6IHJnYigxNywgMTkyLCAxMjgpOyBmaWxsLXJ1bGU6IG5vbnplcm87IiBkPSJtMi45MTk2NCwwbDQsMGwwLDRsLTEsN2wtMiwwbC0xLC03bDAsLTR6Ii8+CiAgPHBhdGggaWQ9InN2Z18yIiBzdHlsZT0iZmlsbDogcmdiKDE3LCAxOTIsIDEyOCk7IGZpbGwtcnVsZTogbm9uemVybzsiIGQ9Im03LjAwODM3LDE0YzAsMS4xMDUgLTAuODk1LDIgLTIsMmMtMS4xMDUsMCAtMiwtMC44OTUgLTIsLTJjMCwtMS4xMDUgMC44OTUsLTIgMiwtMmMxLjEwNSwwIDIsMC44OTUgMiwyeiIvPgo8L3N2Zz4K\"\/><\/div><div class=\"infobox__title\"><h4>Protect your password<\/h4><\/div><div class=\"infobox__content\">\n<p>Never share your password with anyone.<\/p>\n<\/div><\/div>\n\n\n\n<p>Additionally, we suggest it be <strong>unique, meaning you won&#8217;t use it anywhere else<\/strong>. Why is this so important? Because in case of a data breach in another service, like a streaming platform, unauthorized individuals won&#8217;t be able to use the obtained information to access your account. This principle applies to all other online services, so strive to use unique passwords everywhere.<\/p>\n\n\n\n<p>A third tip is to <strong>consider using a password manager<\/strong>. Such a tool generates strong, unique passwords and stores them in a secure vault. You can opt for paid or free solutions like <a aria-label=\" (opens in a new tab)\" href=\"https:\/\/keepass.info\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\" class=\"ek-link\">KeePass<\/a> or <a aria-label=\" (opens in a new tab)\" href=\"https:\/\/bitwarden.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\" class=\"ek-link\">Bitwarden<\/a>. An external password manager isn&#8217;t a perfect solution, but it certainly offers a higher level of security than the password-saving feature built into your web browser.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Enforce Periodic Password Changes<\/h3>\n\n\n\n<p>A final piece of advice regarding login credentials is to <strong>periodically change your passwords<\/strong> to reduce the risk of a breach and account takeover. In the <a href=\"https:\/\/ssl.smsapi.com\/react\/security\/settings\" target=\"_blank\" aria-label=\"Security section of the Customer Portal (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">Security section of the Customer Portal<\/a>, you&#8217;ll find the option to enforce setting a new password every 30 days.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"473\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-password-change.png\" alt=\"Periodic password change\" class=\"wp-image-5704\" srcset=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-password-change.png 650w, https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-password-change-275x200.png 275w, https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-password-change-137x100.png 137w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"2fa\">Two-factor authentication via SMS<\/h2>\n\n\n\n<p>Multifactor authentication (2FA SMS) is an additional layer of protection for your account\u2014the <strong>login with the SMS<\/strong> password forces you to provide the received code when accessing the system. The SMS with code is more secure than a traditional method because it also requires access to a phone registered in the system apart from checking the login and password. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to set up SMS authentication?<\/h3>\n\n\n\n<p>To start signing with a text message code, click Account Settings and select <a href=\"https:\/\/ssl.smsapi.com\/react\/security\/settings\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"ek-link\">Security<\/a>. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1104\" height=\"271\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2020\/03\/SMSAPI_Customer_Portal_Security_SMS_Two-Factor.png\" alt=\"SMS Two-Factor login authentication\" class=\"wp-image-2981\" style=\"width:650px;height:159px\"\/><figcaption class=\"wp-element-caption\">Login with an SMS authentication<\/figcaption><\/figure>\n<\/div>\n\n\n<p>After entering the password and phone number to which the authorization codes are delivered, you will be asked to enter the first <strong>verification code sent by SMS<\/strong>. With the number verified, multifactor authentication is activated. From now on, you must enter a verification code sent by SMS each time you sign in to the system. Well done, you just got safer! \ud83d\ude42<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">New device login verification<\/h2>\n\n\n\n<p>The <strong>SMSAPI system detects logins from new devices<\/strong>. So, when you try to access the Portal from a different computer (or if someone else enters your login and password into your account), you will receive an SMS message with a verification code. On top of that, you can add the new device to trusted ones, allowing you to log in next time without SMS confirmation.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"228\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-device.png\" alt=\"SMSAPI security - log out all devices\" class=\"wp-image-5705\" srcset=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-device.png 650w, https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-device-300x105.png 300w, https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2022\/08\/smsapi-secure-sms-device-150x53.png 150w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><figcaption class=\"wp-element-caption\">The Devices tab, where you can check the login history to SMSAPI<\/figcaption><\/figure>\n<\/div>\n\n\n<p>In the Security section (Devices tab), you can also review the login history and currently logged-in devices. If you don&#8217;t recognize a specific session, we recommend removing it using the blue button on the right side and changing your password. You can also log out of all devices (red button at the top).<\/p>\n\n\n\n<div class=\"wp-block-smsapi-blog-2021-infobox infobox infobox--info post-content--full-width\"><div class=\"infobox__icon\"><img decoding=\"async\" src=\"data:image\/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcKICAgd2lkdGg9IjEwMCUiCiAgIGhlaWdodD0iMTAwJSIKICAgdmlld0JveD0iMCAwIDEyIDE2IgogICBjbGlwLXJ1bGU9ImV2ZW5vZGQiCiAgIHhtbDpzcGFjZT0icHJlc2VydmUiCiAgIHZlcnNpb249IjEuMSIKICAgaWQ9InN2ZzYzIgogICB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxwYXRoCiAgICBzdHlsZT0iZmlsbDogcmdiKDE3LCAxOTIsIDEyOCk7IGZpbGwtcnVsZTogbm9uemVybzsiCiAgIGQ9Im03LjUxNDA1LDExbC0zLDBjMCwtMyAxLjYsLTQgMi43LC00LjZjMC40LC0wLjIgMC43LC0wLjQgMC45LC0wLjZjMC41LC0wLjUgMC4zLC0xLjIgMC4yLC0xLjRjLTAuMywtMC43IC0xLC0xLjQgLTIuMywtMS40Yy0yLjEsMCAtMi41LDEuOSAtMi41LDIuM2wtMywtMC40YzAuMiwtMS43IDEuNywtNC45IDUuNSwtNC45YzIuMywwIDQuMywxLjMgNS4xLDMuMmMwLjcsMS43IDAuNCwzLjUgLTAuOCw0LjdjLTAuNSwwLjUgLTEuMSwwLjggLTEuNiwxLjFjLTAuOSwwLjUgLTEuMiwxIC0xLjIsMnoiCiAgIGlkPSJwYXRoNTkiIC8+CiAgPHBhdGgKICAgIHN0eWxlPSJmaWxsOiByZ2IoMTcsIDE5MiwgMTI4KTsgZmlsbC1ydWxlOiBub256ZXJvOyIKICAgZD0ibTgsMTRjMCwxLjEwNSAtMC44OTUsMiAtMiwyYy0xLjEwNSwwIC0yLC0wLjg5NSAtMiwtMmMwLC0xLjEwNSAwLjg5NSwtMiAyLC0yYzEuMTA1LDAgMiwwLjg5NSAyLDJ6IgogICBpZD0icGF0aDYxIiAvPgo8L3N2Zz4K\"\/><\/div><div class=\"infobox__title\"><h4>SMS Authenticator &#8211; secure SMS login for companies<\/h4><\/div><div class=\"infobox__content\">\n<p>Moreover, we&#8217;ve also created the SMS Authenticator feature for our clients. This tool allows users to add a secure login solution to their systems. It works like logging in with an SMS code to your SMSAPI account.<\/p>\n\n\n\n<p><strong>Read more:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-smsapi-blog wp-block-embed-smsapi-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"mS1aUj7c7x\"><a href=\"https:\/\/www.smsapi.com\/blog\/password-sms-how-can-a-text-message-become-an-element-of-multi-factor-authentication\/\">Password: SMS. How can a text message become an element of multi-factor authentication?<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Password: SMS. How can a text message become an element of multi-factor authentication?&#8221; &#8212; SMSAPI Blog\" src=\"https:\/\/www.smsapi.com\/blog\/password-sms-how-can-a-text-message-become-an-element-of-multi-factor-authentication\/embed\/#?secret=wjPcPC2SMF#?secret=mS1aUj7c7x\" data-secret=\"mS1aUj7c7x\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Connection encryption<\/h2>\n\n\n\n<p>An <strong>SSL certificate secures the connection<\/strong> to SMSAPI. It has been issued by proven, reputable suppliers who <strong>guarantee the reliability<\/strong> of our website. Encryption applies to both the browser version of the website and references via the API.<\/p>\n\n\n\n<p>These safeguards prevent information intercepting during a connection to the platform by devices intermediating in network communication (e.g. Internet connection provider).<\/p>\n\n\n\n<p>We are using <strong>TLS 1.2<\/strong>. Older versions are no longer supported.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"tokens\">OAuth2 tokens &#8211; secure login with the API<\/h2>\n\n\n\n<p>The OAuth2 token is a string that enables a <strong>connection to our platform\u2019s API<\/strong>. For an IT system that wants to use our services in an automated way (without using the Customer Portla), the token acts as a user and password, which you enter when accessing the Customer Portal. To generate access token click API Settings on the left column and click API tokes (OAuth). <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1435\" height=\"538\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2020\/03\/SMSAPI_Token_Customer_Portal_Security.png\" alt=\"List of all your API tokens\" class=\"wp-image-2986\" style=\"width:650px;height:241px\"\/><figcaption class=\"wp-element-caption\">List of generated API token<\/figcaption><\/figure>\n<\/div>\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Separating these two methods of login <strong>improves security<\/strong> &#8211; information and services to which the IT system has access via a token can be limited, e.g. by allowing SMS to be sent but forbidding checking the contact database. The token itself can be disabled or deleted. It\u2019s also possible to set its expiration date for temporary uses.<\/p>\n<\/blockquote>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"770\" height=\"846\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2020\/03\/SMSAPI_Add_Token_Customer_Portal_Security.png\" alt=\"Adding an API token\" class=\"wp-image-2988\" style=\"width:650px;height:716px\"\/><figcaption class=\"wp-element-caption\">Choose which features will be available<\/figcaption><\/figure>\n<\/div>\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>This approach allows you to specify in detail what the IT system will be able to do and what information associated with the account will it have access to.<\/p>\n\n\n\n<p>We recommend using these restrictions. Remember that one of the security principles is to <strong>minimize the data collected and processed<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"users\">Users \u2013 limit access to the account<\/h2>\n\n\n\n<p>If more than one employee uses a company <a rel=\"noreferrer noopener\" href=\"https:\/\/www.smsapi.com\/en\/signup\" target=\"_blank\">account at SMSAPI<\/a>, <strong>creating separate subuser accounts is worth considering<\/strong>. This feature allows you to allocate the necessary permissions, set the preferred time of sending the messages, grant access to contact databases and <a rel=\"noreferrer noopener\" href=\"https:\/\/www.smsapi.com\/blog\/sender-id-how-to-send-branded-sms-company-name\/\" target=\"_blank\">sender names<\/a>, and set the available points limits for the campaigns.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><a href=\"https:\/\/ssl.smsapi.com\/client_subclients\" target=\"_blank\" rel=\"noreferrer noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"1390\" height=\"636\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2020\/03\/SMSAPI_Subusers_Customer_Portal_Security.png\" alt=\"Subusers in SMSAPI Customer Portal\" class=\"wp-image-2991\" style=\"width:650px;height:298px\"\/><\/a><figcaption class=\"wp-element-caption\">Add new subusers to your SMSAPI account<\/figcaption><\/figure>\n<\/div>\n\n\n<p>The solution works well both in larger enterprises and in branched retail networks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ip\">IP whitelist \u2013 address filtering<\/h2>\n\n\n\n<p><strong>Listing IP addresses<\/strong> is a solution that significantly limits the possibility of unauthorized access to the platform.<\/p>\n\n\n\n<p>You can specify from what addresses it is possible to log in to the <a href=\"https:\/\/www.smsapi.com\/blog\/dictionary-sms-marketing-technical\/#customerportal\" target=\"_blank\" rel=\"noreferrer noopener\">Customer Portal<\/a> and connect via <a href=\"https:\/\/www.smsapi.com\/blog\/dictionary-sms-marketing-technical\/#api\" target=\"_blank\" rel=\"noreferrer noopener\">API<\/a>. Remember that these two are separate lists.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IP whitelist \u2013 API:<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1387\" height=\"477\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2020\/03\/SMSAPI_IP_Filtering_Customer_Portal_Security.png\" alt=\"How to whitelist IPs that can access API\" class=\"wp-image-2995\" style=\"width:650px;height:222px\"\/><figcaption class=\"wp-element-caption\">In the API Settings (bottom part of the left menu), you can define the set of IP addresses<br>from which it will be possible to connect to our API.<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">IP whitelist &#8211; Customer Portal:<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1373\" height=\"460\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2020\/03\/SMSAPI_Settings_Customer_Portal_Security.png\" alt=\"Setup IP verification in SMSAPI Customer Portal\" class=\"wp-image-2998\" style=\"width:650px;height:217px\"\/><figcaption class=\"wp-element-caption\">In Account Settings, you can specify the addresses to sign in to the Customer Portal.<\/figcaption><\/figure>\n<\/div>\n\n\n<div class=\"wp-block-smsapi-blog-2021-infobox infobox infobox--attention post-content--full-width\"><div class=\"infobox__icon\"><img decoding=\"async\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiB2aWV3Qm94PSIwIDAgMTAgMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgY2xpcC1ydWxlPSJldmVub2RkIiB4bWw6c3BhY2U9InByZXNlcnZlIiB2ZXJzaW9uPSIxLjEiPgogIDxwYXRoIGlkPSJzdmdfMSIgc3R5bGU9ImZpbGw6IHJnYigxNywgMTkyLCAxMjgpOyBmaWxsLXJ1bGU6IG5vbnplcm87IiBkPSJtMi45MTk2NCwwbDQsMGwwLDRsLTEsN2wtMiwwbC0xLC03bDAsLTR6Ii8+CiAgPHBhdGggaWQ9InN2Z18yIiBzdHlsZT0iZmlsbDogcmdiKDE3LCAxOTIsIDEyOCk7IGZpbGwtcnVsZTogbm9uemVybzsiIGQ9Im03LjAwODM3LDE0YzAsMS4xMDUgLTAuODk1LDIgLTIsMmMtMS4xMDUsMCAtMiwtMC44OTUgLTIsLTJjMCwtMS4xMDUgMC44OTUsLTIgMiwtMmMxLjEwNSwwIDIsMC44OTUgMiwyeiIvPgo8L3N2Zz4K\"\/><\/div><div class=\"infobox__title\"><h4>Attention<\/h4><\/div><div class=\"infobox__content\">\n<p>Changing the Customer Portal password does not affect API Tokens. If you want to change your API token, please go to <strong>API tokens (OAuth) in API Settings<\/strong>.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Country filtering &#8211; control SMS messaging destination<\/h2>\n\n\n\n<p>The newest addition to our Customer Portal is the <a rel=\"noreferrer noopener\" href=\"https:\/\/ssl.smsapi.com\/react\/account-settings\/country-filtering\" target=\"_blank\">Country filtering<\/a> tab. The feature allows you to control spending on <a rel=\"noreferrer noopener\" href=\"https:\/\/www.smsapi.com\/blog\/send-global-sms-infographic\/\" target=\"_blank\">global SMS messaging<\/a>. Read more about it!<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-smsapi-blog wp-block-embed-smsapi-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"NzDHJ9q4Hd\"><a href=\"https:\/\/www.smsapi.com\/blog\/country-filtering-sms-feature\/\">New Function in the Customer Portal: Country Filtering<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;New Function in the Customer Portal: Country Filtering&#8221; &#8212; SMSAPI Blog\" src=\"https:\/\/www.smsapi.com\/blog\/country-filtering-sms-feature\/embed\/#?secret=c4kVYc4PlP#?secret=NzDHJ9q4Hd\" data-secret=\"NzDHJ9q4Hd\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">More safety procedures<\/h2>\n\n\n\n<p>If your company&#8217;s security policy requires it, you can also <strong>force a periodic password change<\/strong> to your SMSAPI account. After activating this function, the system will inform you every 30 days about it. You can set the reminder in the Security tab in Account Settings.<\/p>\n\n\n\n<p>There you can also <strong>set the preferred session duration<\/strong> of the Customer Portal. Select the desired duration from the drop-down list. After this time, you will be automatically signed off when there&#8217;s no activity on the account. This option is helpful if you work in public places or share a computer from which you log into the platform.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"966\" height=\"586\" src=\"https:\/\/www.smsapi.com\/blog\/wp-content\/uploads\/2020\/03\/SMSAPI_Email_Security.png\" alt=\"A security e-mail from SMSAPI\" class=\"wp-image-3001\" style=\"width:650px;height:389px\"\/><figcaption class=\"wp-element-caption\">An example of an e-mail informing about a new sign-in<\/figcaption><\/figure>\n<\/div>\n\n\n<p>If you notice suspicious login attempts, remember you can log out of all the devices with one click in the Customer Portal. <\/p>\n\n\n\n<p>Additionally, to protect against unauthorized access to the account, the system sends an email about the attempted sign-in from a new device. In case of suspicious account activity, we <strong>suggest changing the password<\/strong>. If you have any questions, please <a href=\"https:\/\/www.smsapi.com\/en\/contact\" target=\"_blank\" rel=\"noreferrer noopener\">get in touch with us<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Secure your SMSAPI account &#8211; here&#8217;s how to protect your data and access to SMS gateway.<\/p>\n","protected":false},"author":17,"featured_media":2980,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[48,20,47],"class_list":["post-2978","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge","tag-2fa","tag-english","tag-security"],"_links":{"self":[{"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/posts\/2978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/comments?post=2978"}],"version-history":[{"count":44,"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/posts\/2978\/revisions"}],"predecessor-version":[{"id":5919,"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/posts\/2978\/revisions\/5919"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/media\/2980"}],"wp:attachment":[{"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/media?parent=2978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/categories?post=2978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.smsapi.com\/blog\/wp-json\/wp\/v2\/tags?post=2978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}