12 Receiving Information from Oracle Hospitality APIs
Applications should ensure any data returned from Oracle Hospitality APIs is managed securely and safely. The system should:
-
Encrypt any sensitive data. Data returned from Oracle Hospitality APIs may contain personal and other sensitive information. If your client system needs to store this information it should be stored securely and encrypted within the data store. Access to these data should be restricted and accounts should have minimum access rights to the data, to prevent elevated access.
-
Any data output to users from an Oracle Hospitality APIs response should be sanitized to ensure there is no possibility of cross-site scripting.
-
Validate all data received from the Oracle Hospitality APIs.