Security Overview
The many different ways you can ensure a secure relationship with SmileID
SmileID is committed to keeping your data and your users' data safe and secure.
We have implemented and continue to implement many different approaches and options to ensure security.
If you have any immediate security concerns, please contact us immediately.
Smile ID sets the standard in data protection and biometric security in Africa.
We prioritise delivering exceptional quality and robust security for our customers. We safeguard your data and protect your business from fraud by adhering to the highest industry standards. Our commitment is demonstrated through multiple compliance certifications across African countries and the attainment of ISO 30107-1:2016, ISO 30107-3:2023 Level 2, ISO 27001, and SOC 2 Type II certifications.
Smile allows customers to create and manage multiple API keys to cover their needs.
API keys are environment specific (an API key for the Sandbox environment will not work in the Live environment, and vice versa).
We encourage customers to rotate their API keys on a regular basis. Rotating every 90 days, or more frequently, is best practice.
We also encourage customers to use different API keys for different integration methods with SmileID, i.e. to maintain one or more keys for their mobile integration and separate keys for any server-to-server integration.
This allows customers to rotate keys independently, based on their need, without disruption to other integrations.
For asynchronous job requests, Smile will send a Callback response to the specified customer URL.
Callback requests will come from one of the following IP addresses:
34.240.137.52
44.230.128.108
52.36.32.43
52.213.46.74
We urge customers to allow requests to their callback URL only from these IPs, to help ensure the request originates from SmileID.
The callback request body will contain a signature and timestamp, generated using the API key used in the originating job, that customers can verify to ensure the callback request is valid.
If your callback URL requires authentication, please contact us to discuss adding this to your account.
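The callback checks described above (source IP allowlist, then signature and timestamp) can be combined as follows; this is an added example, not SmileID's own code. Because a callback is signed with the API key used in the originating job, it tries every currently active key, which keeps verification working while keys are rotated. The body field names, the 5-minute freshness window and the signature construction (base64 HMAC-SHA256 over timestamp, partner ID and the literal `sid_request`) are assumptions that this page does not specify; confirm them against SmileID's signature documentation.

```python
import base64
import hashlib
import hmac
import ipaddress
from datetime import datetime, timedelta, timezone

# Callback source addresses listed on this page.
CALLBACK_SOURCE_IPS = {
    ipaddress.ip_address(a)
    for a in ("34.240.137.52", "44.230.128.108", "52.36.32.43", "52.213.46.74")
}
MAX_SKEW = timedelta(minutes=5)  # assumed freshness window, not a SmileID value


def compute_signature(api_key: str, partner_id: str, timestamp: str) -> str:
    # ASSUMED construction: base64(HMAC-SHA256(api_key, timestamp + partner_id + "sid_request")).
    mac = hmac.new(api_key.encode(), digestmod=hashlib.sha256)
    for part in (timestamp, partner_id, "sid_request"):
        mac.update(part.encode())
    return base64.b64encode(mac.digest()).decode()


def verify_callback(peer_ip, body, partner_id, active_keys, now=None):
    """Return (accepted, reason) for one callback; body is the parsed JSON dict."""
    now = now or datetime.now(timezone.utc)
    try:
        if ipaddress.ip_address(peer_ip) not in CALLBACK_SOURCE_IPS:
            return False, "source ip not allowlisted"
    except ValueError:
        return False, "unparseable source ip"
    # "signature" and "timestamp" are assumed field names for the two values.
    sig, ts = body.get("signature"), body.get("timestamp")
    if not isinstance(sig, str) or not isinstance(ts, str):
        return False, "missing signature or timestamp"
    try:
        sent = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    except ValueError:
        return False, "bad timestamp"
    if sent.tzinfo is None or abs(now - sent) > MAX_SKEW:
        return False, "stale timestamp"  # limits replay of a captured callback
    # Try each active key; compare_digest keeps the comparison constant-time.
    for key in active_keys:
        expected = compute_signature(key, partner_id, ts)
        if hmac.compare_digest(expected.encode(), sig.encode()):
            return True, "ok"
    return False, "signature mismatch"
```

Pass the TCP peer address as `peer_ip`; a forwarding header is only trustworthy when your own proxy sets it.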