6 Security Considerations for Developers

This chapter provides information for developers about how to create secure applications for Oracle Communications Session Monitor and how to extend Session Monitor without compromising security.

Caution:

When creating your own applications, or using third-party applications, test your scripts in a test environment to ensure they are safe before uploading them to your production environment. Applications approved by Oracle are safe to use in your environments. However, non-approved applications could cause security and performance issues. Oracle is not responsible for any loss, costs, or damages incurred from using your own applications, or third-party applications.

Securing REST APIs

Using the Session Monitor REST API, you can access most Operations Monitor features through HTTPS REST calls.

By default, Session Monitor REST APIs are not secured. When you use REST APIs to access Operations Monitor features, use your API key.

Follow these guidelines to secure your API key:

  • Store the API key on an external system which has restricted access.

  • Perform only secured backups of the external system where the API key is stored.

  • Do not pass the API key on the command line.

  • Change the API key regularly.

See the Operations Monitor User's Guide for more information about how to enable and generate your API key.
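The following is an added example, not code from Oracle's documentation, showing one way a client script can follow the guidelines above: it reads the key from a file that only the current user can access, so the key never appears in the process arguments, and it refuses to send the key over a non-HTTPS URL. The header name `X-API-Key`, the key file path, the host name, and the resource path are assumptions or placeholders; take the real values from the Operations Monitor User's Guide.

```python
import os
import stat
import urllib.request
from urllib.parse import urlsplit

# Assumption: header name used to carry the key; confirm it in the
# Operations Monitor User's Guide before use.
API_KEY_HEADER = "X-API-Key"


def load_api_key(path):
    """Read the API key from a file only the current user can access."""
    # O_NOFOLLOW: refuse a symlink planted in place of the key file.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="ascii") as fh:
        st = os.fstat(fh.fileno())  # inspect the file that was actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: group/other access, expected 0600")
        key = fh.read().strip()
    if not key:
        raise ValueError(f"{path}: key file is empty")
    return key


def build_request(base_url, resource, api_key):
    """Build an HTTPS request that carries the key in a header, not the URL."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    url = base_url.rstrip("/") + "/" + resource.lstrip("/")
    return urllib.request.Request(url, headers={API_KEY_HEADER: api_key})


if __name__ == "__main__":
    # Placeholders: key file path, host name and resource path are constructed.
    # Only the file path can show up in the process list, never the key itself.
    key = load_api_key(os.path.expanduser("~/.config/ocsm/api_key"))
    req = build_request("https://ocsm.example.com", "/placeholder-resource", key)
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.status)
```
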