Server Protection

The Chat SOAP interface can be protected from potential threats by restricting access to valid chat servers.

The SEC_VALID_CHAT_API_HOSTS configuration setting defines the list of IP addresses and subnet masks specifying the legal chat servers that are allowed to access the Chat SOAP interface. If this setting is left blank, all hosts are allowed.

Additionally, users can be protected from cross-origin resource sharing (CORS) attacks by defining the origins allowed to make CORS requests in the CHAT_CORS_ALLOWLIST configuration setting. See “Cross-Origin Resource Sharing Protection” in Chat API Protection.