Security Overview

The many different ways you can ensure a secure relationship with SmileID

SmileID is committed to keeping your data and your users' data safe and secure.

We have implemented and continue to implement many different approaches and options to ensure security.

If you do have any immediate security concerns then please contact us immediately.

Certifications

Smile ID sets the standard in data protection and biometric security in Africa.

We prioritise delivering exceptional quality and robust security for our customers. We safeguard your data and protect your business from fraud by adhering to the highest industry standards. Our commitment is demonstrated through multiple compliance certifications across African countries and the attainment of ISO 30107-1:2016, ISO 30107-3:2023 Level 2, ISO 27001, and SOC 2 Type II certifications.

ISO30107:2023 Certified
ISO30107:2016 Certified
ISO27001 Certified
SOC2 Type II Certified

API Keys

Smile allows customers to create and manage multiple API keys to cover their needs.

API keys are environment specific (an API key for the Sandbox environment will not work in the Live environment, and vice versa).

We encourage customers to rotate their API keys on a regular basis, every 90 days or more frequently is best practice.

We also encourage customers to use different API keys for different integration methods with SmileID. i.e. to maintain one or more keys for their mobile integration, and using separate keys for any server-to-server integration.

This allows customers to rotate keys independently, based on their need, without disruption to other integrations.

Smile Callbacks

For asynchronous job requests, Smile will send a Callback response to the specified customer URL

IP Allowlisting

Callback requests will come from one of the following IP addresses for Production callbacks:

  • 34.240.137.52

  • 44.230.128.108

  • 52.36.32.43

  • 52.213.46.74

Callback requests will come from one of the following IP addresses for Sandbox callbacks:

  • 35.166.227.53

  • 44.246.19.66

  • 54.246.37.255

  • 99.81.237.141

We would urge customers to only allow requests to their callback URL from these IPs to help ensure the request originates from SmileID. If your receiving service will process Callbacks from both Production and Sandbox, you should allowlist all of the specified IPs.

Callback Signing

The callback request body will contain a signature and timestamp, generated using the API key used in the originating job, that customers can verify to ensure the callback request is valid.

Callback Authentication

If your callback URL requires authentication, please contact us to discuss adding this to your account.

PreviousSecuring your account with two-factor authentication (2FA)NextTroubleshooting

Last updated

Was this helpful?