OdataLink uses a modern secure architecture to provide access to your MYOB or Xero data. This architecture ensures your data and all configuration settings are secure.
OdataLink provides you the ability to control access to your data. This is done via Models.
From the Model screen, you can control every aspect of the OData feeds. You can choose:
- Which data files and endpoints are available.
- The type of authentication method to use to access your data (Anonymous or Basic).
- Which users can use the OData feed (when using Basic Authentication).
- Which IP addresses are allowed through the firewall.
Not only do these settings protect your data from external attacks, they also protect it from internal ones.
As an example, you can create and manage a Payroll model separate from a Sales model. Creating two models protects your sensitive data within your own organisation. Payroll staff will only have access to payroll data. Sales staff will only have access to sales data.
Underpinning this architecture are OdataLink’s core values that:
- Security is of utmost importance.
- You should be in control at all times.
- Your data will never be harvested or collected.
These core values are at the centre of all architectural decisions we made.
Unless YOU directly grant access to the data to OdataLink employees, our staff cannot access your data in any way.
✓ Built using secure technology from Microsoft
OdataLink uses the best technology from Microsoft and the Azure platform. OdataLink is hosted on Microsoft Data Centres in Australia.
✓ Secure connection to MYOB and Xero
OdataLink uses OAuth 2.0 to connect to your MYOB or Xero data.
OAuth 2.0 is an industry standard. Rather than requiring user names and passwords, OdataLink uses tokens under the hood to access your data.
This ensures that OdataLink doesn’t actually have any knowledge of your MYOB or Xero user names or passwords.
✓ Encrypted connection to your data
OdataLink uses a 2048-bit RSA SSL certificate and TLS 1.2 or higher to protect data in transit. This applies both to communications between your OData client and OdataLink and to communications between OdataLink and your Xero or MYOB data file.
✓ Encrypted archived data
OdataLink encrypts all sensitive data it stores at rest. This includes all cached data (used to increase performance), the URLs created as OData Feeds, and additional sensitive information.
Furthermore, while OdataLink provides access to your data, it encrypts it in a very specific way. This ensures information cannot be harvested (not even by OdataLink or our employees).
✓ Control how and when OdataLink stores encrypted data
Each model configured in OdataLink includes the ability to choose the type of archive to use. The Live (No Cache) option allows you to configure OdataLink to not store any data on OdataLink servers (at the cost of performance).
✓ Secure Login
OdataLink uses the latest security techniques to protect user names and passwords. In fact, it doesn’t even store any passwords. It uses a technique called a salted hash. This ensures complete protection of your users’ logins.
✓ Two-Factor Authentication
In addition, logging in to the OdataLink website uses Two-Factor Authentication. Even if your password is compromised, an additional code (received by email) must be entered in order to log in and manage any settings.
✓ Built-in Firewall
OdataLink includes a built-in firewall to protect your OData feeds. With it, you specify the valid IP addresses. Any OData Feed used from an unlisted IP address is rejected.
The firewall will also email you about any new IP address attempting to access your data. This allows you to easily grant or reject access.
✓ Fully-traceable logs
OdataLink provides a fully traceable set of logs. These logs list all requests received, whether successful or otherwise.
✓ Regular Security Audits
The team at OdataLink conducts regular security audits to ensure we follow industry best practices. These audits are both compulsory and voluntary.
On the compulsory side, all larger apps that integrate with Xero must conduct yearly security audits. This process aims to enforce a consistent security standard for users of third-party apps that integrate with accounting software. This is a joint endeavour between DSPANZ (Digital Service Providers Australia New Zealand), ABSIA (Australian Business Software Industry Association), the ATO (Australian Taxation Office) and accounting software providers such as Xero and MYOB.
You can find further information on these sites.
- https://developer.xero.com/partner/security-standard-for-xero-api-consumers
- https://developer.xero.com/faq/xero-ecosystem-security-requirements-update
- https://www.dspanz.org/industry-standards/addon-security-standard/
On the voluntary side, OdataLink has put in place processes to review our infrastructure, processes, architecture and code to ensure they follow industry best practices.
To this end, OdataLink follows the guidance provided by OWASP, including the OWASP Top Ten.
If you have any questions regarding OdataLink, either start a chat or contact us.