Face SDK Security

This documentation provides guidelines to ensure the robustness and safety of your Face SDK implementation.

Securing Network Connections

For secure data transmission, use HTTPS connections:

• How to set up HTTPS on your Web Server

Authentication of Requests

The Face SDK Web Service does not inherently support authentication and processes all incoming requests without discrimination. To mitigate the risk of unauthorized or malicious usage, it is strongly recommended not to expose the Web Service to public Internet access.

For enhanced security, deploy the Web Service within a closed perimeter, like a Demilitarized Zone (DMZ), and configure a proxy server at the entrance point:

The simplest method to establish secure access is as follows:

1. Set up Basic authentication on the proxy server. This authentication mechanism requires clients to provide valid credentials to access the Web Service.

• Example of enabling authentication using nginx

2. When sending a request to the Web Service, include the appropriate authentication header:

• Configuring headers on Web Service
• Configuring headers on Mobile

3. The incoming request is authenticated by the proxy server.

4. If the authentication process succeeds, the request is forwarded to the Web Service for processing.

5. If authentication fails, the request is rejected.