How does Onport handle data exchanged with vendor's integrations?

Daniel Orge
Daniel Orge
  • Updated

Introduction

In this article, we share why Onport needs to retain credentials/API keys from your vendors. Your vendors may ask about this and show some concerns in this regard. If they do so, here's a brief summary of why we need it. 

Disclaimer

This kind of access is API only, therefore not allowing anyone to access any stores as an admin.

Handling data

Currently, Onport provides easy integration for 160+ clients in which we are only looking for and writing data that relates to Onport.

We don’t ask for any unnecessary permissions and the permissions required would be asked typically for any order or shipping app, and these credentials would always be bound to that set of permissions only.

We do not store additional information in Onport. Onport does audit key flows of data, such as the data sent to vendors and the shipping API calls being returned.

Onport interacts with the vendor’s system by creating orders and fetching the respective fulfillments. Therefore, Onport only queries specific orders related to your marketplace and will not download unrelated order data. This is verifiable by the vendor if their platform is equipped with API access logs.

Additionally, most of the communication is encrypted in transit so that it cannot be intercepted by malicious actors. Product and sales-related data are also encrypted at rest in our databases which guarantees additional security. This includes any troubleshooting from our support teams, for tickets raised by the marketplace or vendor.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.