Product Ideas

PrizmDoc Cloud API Key Encryption/Secret Key or Single Sign On

PrizmDoc Cloud requires the API Key for authentication. The API Key is passed as clear text. If an advanced user goes to the browser developer tools, he/she will get hold of the API key easily and be able to create a PrizmDoc viewer session. This may lead to heavy unintended transaction usage. Will it be possible to do a two-pass authentication? For example, at the application end, encrypt the key at rest and then pass it to PrizmDoc Cloud, where PrizmDoc will have something like a secret key to decrypt it and then authenticate to PrizmDoc Cloud.

The other option is to authenticate to PrizmDoc Cloud through SSO (SAML authentication to Azure AD) with the logged-in user context.

Please note that there is no issue with passing the API key in transit, as the connection is SSL.

  • Guest
  • Mar 10 2019