Sage 300

Welcome to the Sage 300 Support Group on Community Hub! Available 24/7, the Forums are a great place to ask and answer product questions, as well as share tips and tricks with Sage peers, partners, and pros.

How to only allow API Request from SSL certified site?

Posted By murni over 1 year ago

Hi all,

I am exploring the Sage 300 Web API. I am making a POST request from an e-commerce site, to insert AR invoice batches. I notice that the site with 'Connection not secure' can make a request to Sage 300 API as well. How can we restrict these unsecured website from making API requests to Sage 300 API?

Thank you.

Top Replies

Vega over 1 year ago +1

Configure HSTS on the webserver.

https://https.cio.gov/hsts/

It isn't perfect but it's the best you have.

0 Vega over 1 year ago

Configure HSTS on the webserver.

https://https.cio.gov/hsts/

It isn't perfect but it's the best you have.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 SergeB over 1 year ago

You could always remove all http ports in IIS and leave HTTPS (443). That would 100% stop any connections that are not on https.

Or implement what Vega said.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel

Sage 300

How to only allow API Request from SSL certified site?

Top Replies

COMMUNITY

COMPANY

PARTNERS

SUPPORT & TRAINING