Secure Cloud Components with an API Key

3 Secure Cloud Components with an API Key

In addition to Transport Layer Security (TLS) protection, the Oracle Communications Security Shield Cloud Service (Security Shield) authenticates the RESTful communication between the Cloud Communication Service (CCS) and the Session Border Controller (SBC) by way of a shared key called the API key. Set the API key to contain a random string of 32 to 128 printable characters long, excluding spaces and tabs. When the API key contains fewer than 32 characters, the CCS and SBC produce a warning message indicating the key is not secure. When an API key contains more than 128 characters, Security Shield generates a log message indicating that the key is too long. When the API key is too long, the OCSS uses only the first 128 characters. Oracle recommends that you rotate the API key every six months.

Oracle does not specify the tool that you use for random key generation. The following examples show how to use openssl rand and uuidgen for random byte generation.

openssl randdom -hex 16—Generates a random16 byte ID in hex (32 characters). For example:

$ openssl rand 16 -hex16
cdb18eae600b3d4d837fb6f23b8bf90e

uuidgen -r—Generates a random 16 byte ID that you can use for the API key. Remove "-s" before using it for the API key. For example:

#create random uuid
$ uuidgen -r
a68eddcd-6eec-4b5e-846d-97b1161248e2 (Remove the hyphens "-" to result in the following key: a68eddcd6eec4b5e846d97b1161248e2)

Secure API key, Configuration, and Certificate Storage

Oracle recommends that you regard the API-Key, the Cloud Communications Service (CCS) configuration, the CCS certificate and its associated private key as highly confidential information. Oracle recommends that you restrict access to admin-level users.