46865882c6
PSA abstraction layer with provider pattern, ConnectWise integration (connection management, ticket linking, note posting, status updates, member mapping), Integrations page UI, Fernet credential encryption, in-memory TTL cache, 6 DB migrations, ConnectWise API reference docs.
23 lines
3.3 KiB
Markdown
23 lines
3.3 KiB
Markdown
1. Last updated
|
||
|
||
Mar 31, 2023
|
||
|
||
2. [Save as PDF](https://developer.connectwise.com/@api/deki/pages/1653/pdf/PSA%2bData%2bProtection.pdf "Export page as a PDF")
|
||
|
||
## Protecting your Information
|
||
|
||
The ConnectWise PSA API uses security roles to determine access to environments. By selecting ALL instead of My or None you give integrators access to every piece of information. For certain areas, this may make sense. If you are adding your existing companies to their solution, or if you are sending tickets to them from ConnectWise PSA. However, in other cases such as an AV Alert or Backup Failure alert, integrations don’t need access to tickets they haven’t created themselves. Integrations that impact agreements, don’t need to see additions that they don’t manage. By providing access to ALL, integrations may be reading data that you wouldn’t expect, or updating information that they don’t own. It is always best practice to select MY access for all security roles unless it makes sense to enable ALL access. Integrations should justify requests for ALL access. There is never a situation in which integration needs “admin” access. This is often the default request if they don’t know the exact roles required. [API Logging](https://docs.connectwise.com/ConnectWise_Documentation/090/040/010/040/040?psa=1 "https://docs.connectwise.com/ConnectWise_Documentation/090/040/010/040/040?psa=1") will tell you if you restrict integrations too far.
|
||
|
||
> Want to learn more about [ConnectWise PSA Security Roles](https://docs.connectwise.com/ConnectWise_Documentation/090/025#Security_Role_Levels_Setting "https://docs.connectwise.com/ConnectWise_Documentation/090/025#Security_Role_Levels_Setting")?
|
||
|
||
## How is data stored?
|
||
|
||
ConnectWise does not store any information passed via the API outside of respective partner environments. We do not have a central API Service, data is sent directly to the front ends of each environment. The data from each partner is separate from every other partner, just because you can access one partner, does not mean you can access another. This means that if any integration has access to the APIs, they can only see data relating to the exact partner that gave them access to the APIs. This also means if you are an integrator, you must be given individual API Keys for every environment you wish to access. Similarly, no other vendors can see anything relating to your data if a partner hasn’t specifically given them API keys.
|
||
|
||
|
||
|
||
In this example Vendor A only has access to Partner A's information, because only Partner A has provided them with API Keys. Partner B on the other hand, is using both Vendor A and Vendor B. Depending on the security role permissions, this means Vendor B and Vendor A could see information from each other Partner environment A. If Partner A sets each integration to MY level access, then neither integration could see the other.
|
||
|
||
## Can another vendor access my information?
|
||
|
||
All information passed into a partner environment is only accessible if the partner has explicitly also given that other vendor access to that data. This means that they had to provide API Keys to the vendor and give them a security role other than MY or NONE. |