Author: Clare Stone

Enhanced security with Mo.net RESTful Quotations Service

Mo.net Quotations Service can be integrated to work with Quotation portals, Policy Admin Systems, Underwriting systems and a variety of other systems in use across the insurance enterprise. Until recently, clients using Mo.net Quotations service have typically hosted it on premise for internal use and therefore required limited security features.  However, with the increased mobilisation of activities to the cloud, security has come under much more scrutiny.

With this in mind the latest release of Mo.net RESTful Quotations Service (v7.7) comes with additional (optional) security features. Some existed prior to v7.7, but we will use this article to make users aware of all those that can now be used, with some details of how to implement them. For further detailed information on how to make use of these features please refer to the Mo.net Quotations Service Installation Guide and the Getting Started with Mo.net Quotations Service documentation.

SSL certification

Using SSL certificates enables users to send requests to and receive results from a secure endpoint ie. Using https. The Mo.net RESTful Quotations Service can be configured to work with SSL certification.

In order to use this functionality you need to have valid certificates in place with the client and server. Detailed implementation is covered in Mo.net Quotations Service Installation Guide and Getting Started with Mo.net Quotations Service documentation.

Black/Whitelisting

This allows users to control which IP addresses can or cannot access the service, thereby ensuring only known authorised requests from allowed IP addresses will receive a successful response.

This is set within the Mo.net RESTful Quotations Service configuration file. Both IPAllow and IPDeny lists are present in the configuration file and the IPDeny list takes priority over the IPAllow list.

The service can be configured to allow and deny any of a specific IP address, an IP address range or an IP address part-range. Further information and examples are given in the Mo.net Quotations Service Installation Guide.

Access keys

Access keys are alphanumeric strings which are used to authenticate the client request to the Mo.net RESTful Quotations Service API. The access keys are tied to licence keys and are generated from the licence management section of the Software Alliance Client Portal. Each generated access key has an expiry date which can be set by the user when it is generated.

Once the access key has been generated against a licence key, Mo.net RESTful Quotations Service should be configured to require an access key and all requests to the Mo.net Quotations Service need to contain the access key as a parameter with a key of sal-accesskey and the value of the access key.

The measures described above are three ways users could choose to enhance the security of their Mo.net RESTful Quotations Service requests.