Security and Authentication
OpenMarket takes the security of your data seriously. We can provide our policies and standards as part of the provisioning process. Yearly third party security audits across all our products are conducted by a qualified independent security assessor.
When connecting to the mobile operators, OpenMarket utilizes industry standard encryption technologies appropriate to the sensitivity of the information being transmitted. This means we use either VPN tunnels or SSL (TLS v1.0 or greater) to encrypt data being sent over public networks or private networks if required.
Your connection to OpenMarket
When connecting to OpenMarket, we strongly recommend using HTTPS connections over secure port 443.
While HTTP over port 80 is available, your data (and potentially your end user’s information) is sent in plain text, which a third party could intercept and read.
For extra security you can provide a whitelist of IP addresses from which OpenMarket will accept API requests for your account. With this added safeguard, a request will fail if it is submitted from an IP address that is not on your whitelist.
In order to provision an IP whitelist, contact OpenMarket Support.
OpenMarket sends MO messages, delivery receipts, and other notifications from the IP Address ranges listed below. We may route traffic through any of these IP addresses, without notice, to ensure that services remain highly available.
To ensure the authenticity of requests, you should only accept requests from the following OpenMarket IP addresses:
- 184.108.40.206 - 220.127.116.11 (18.104.22.168/22)
- 22.214.171.124 - 126.96.36.199 (188.8.131.52/23)
- 184.108.40.206 - 220.127.116.11 (18.104.22.168/22)
- 22.214.171.124 - 126.96.36.199 (188.8.131.52/22)
- 184.108.40.206 - 220.127.116.11 (18.104.22.168/22)
Authenticating and Access Control
When you become provisioned with us, we'll provide you with a number of user and application accounts. We can set each accounts to only the level of permission each user requires.
Accounts for applications are normally numbers, while accounts for people are normally a business email address. A typical set up would be:
Account ID / Name
An ID specifically enabled for SMS messaging.
Used in any Global SMS API request (POST or GET), such as to send an MT message to any end user.
Enables Matthew to access Customer Center tools and reporting. OpenMarket Support will recognize Matthew when he emails using this address.
As Matthew is in Finance, he is able to see all reports including financial reports.
Enables Jinghua to access Customer Center tools and reporting. OpenMarket Support will recognize Jinghua when she emails using this address.
As Jinghua is in development, she is restricted from seeing financial reports.
Your credentials for using OpenMarket operations and applications are provisioned by OpenMarket's Identity Service and configured with individual permissions. When one of our operations or applications receives a request, it checks to make sure that the authentication credentials are valid and that the corresponding user has the required permissions to make that API call.
Note: If you're using either MEP or Dashboards and Reporting, you will be able to create and administer your own user accounts for each staff member.
At the request level, most of our operations require Basic authentication. See Basic authentication for details on how to add this to your requests.