Tokens and Security
purlHub provides a proprietary token based security shceme for the integration service API calls, and tracking API calls. This security layer safeguards campaign data and API calls, as well as, provides for identification and segregation of campaign information. purlHub offers both SSL Encrypted and non-SSL un-encrypted service API access offering an enhanced level of security for sites that require this.
Tokens are setup per-campaign, and provide Access Restrictions based on their ACL (Access Control List). Tokens default to an ALL RESTRECTED enforcement and require that campaign integrators explicitly specify only the sites (URLs) that are allowed access and at what level. This URI based or application based access is a core feature of the purlHub token security scheme.
Each ACL rule, associated with a token grants a single URI access in either "Read Only" or "All Access" mode. Read Only restrictions allow only the existing profiles in a campaign to be rendered via purlHub's JSAPI, and prohibit any data saves or profile registrations. The All Access level allows both existing campaign data, as-well-as on-the-fly registration and data saves to occur. The URI field accepts a wildcard character '*', supporting blanket match-all for fragments of a URL. Intended to be used with discretion - in place of the purlCode component with path based PURL campaigns, or opening up access to an entire micro-site.