
API Authentication

By The CVD Portal Team

Securing programmatic access to your vulnerability data is just as important as securing the portal interface itself. The CVD Portal API uses authentication and authorization controls to ensure that only approved applications and services can interact with your sensitive security information, a critical requirement for maintaining data confidentiality under the Cyber Resilience Act (CRA).

Authentication is handled via securely generated API keys. Administrators can provision distinct keys for different integrations, in keeping with the principle of least privilege. Each key is associated with specific role-based permissions, so an integration designed solely to ingest new reports cannot accidentally modify remediation data or access compliance logs.

API keys must be stored securely and sent in the Authorization header as a Bearer token, over TLS only. The portal provides tools for monitoring API usage per key and supports rapid key revocation and rotation in the event of a suspected compromise, so you keep continuous control over your data access points.
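The following is an added example, not code from the CVD Portal project, showing one way a client can meet the storage and transport requirements above with the Python standard library. The environment variable name `CVD_PORTAL_API_KEY`, the helper names, and the `portal.example` URL are assumptions made for illustration.

```python
import hashlib
import os
import urllib.request
from urllib.parse import urlsplit

KEY_ENV = "CVD_PORTAL_API_KEY"  # assumed variable name, not defined by the portal

def load_api_key(env=None):
    """Read the key from the environment instead of source code or config in VCS."""
    key = (os.environ if env is None else env).get(KEY_ENV, "")
    if not key or any(c.isspace() for c in key):  # also blocks CR/LF header injection
        raise RuntimeError(f"{KEY_ENV} is missing or malformed")
    return key

def key_fingerprint(key):
    """Short SHA-256 prefix: log this, never the key, when correlating usage."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]

def origin(url):
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, p.hostname, p.port or {"https": 443, "http": 80}.get(scheme)

def build_request(url, api_key):
    """Attach the Bearer token only when the URL is HTTPS."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send the API key over a non-TLS URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})

class SameOriginAuthRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies Authorization onto redirects; drop it if the origin changes."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None and origin(newurl) != origin(req.full_url):
            new.remove_header("Authorization")
        return new

def make_opener():
    """Opener with default TLS certificate verification and the redirect guard."""
    return urllib.request.build_opener(SameOriginAuthRedirect())

if __name__ == "__main__":
    demo_key = "constructed-demo-key-0001"  # constructed sample, not a real key
    req = build_request("https://portal.example/api/reports", demo_key)  # placeholder URL
    print("key fingerprint:", key_fingerprint(demo_key))
    print("header set:", req.has_header("Authorization"))
```

Pass the request to `make_opener().open(req)` to send it; the redirect guard matters because a redirect to another host or to plain HTTP would otherwise carry the key with it.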
