The MOST API services must be consumed by the client's backend and their servers must be registered on an IP whitelist. Thus, any communications with embedded devices must pass through the client's backend before being directed to mostQI.
INFO
Production domain: production-mostqiapi.com (with whitelist)
Domain for production, validation, and POC: mostqiapi.com (without whitelist)
The domain for validation and POC can be accessed from any IP. These two domains point to the same production environment.It is not recommended to use the mostqiapi.com domain for production, as it is subject to interruptions associated with security triggers.
CAUTION
The exclusive production domain can only be accessed by backends whose IPs have been registered on a whitelist by mostQI.
All requests must be made using the HTTPS protocol.
For increased security, we have adopted the JWT standard with the implementation of unique and temporary tokens. This means that a new authentication token will be required for each request.The authentication token obtained through this route will be used to authenticate the other services of mostQI. Each token has a validity of 10 minutes and can only be used once.JWT tokens are obtained by sending a request to the Authenticate (Get JWT) endpoint, passing the client key in the body of the request.
Requests will pass through a WAF (Web Application Firewall) that will assess the behavior of applications consuming the services.Visit our Information Security Policy.
