www.infobip.com
2606:4700:10::6816:44ce
Public Scan
Submitted URL: http://emailtracking-eu2.email-messaging.com/tracking/1/click/ejoRCcw7cfKwhilpbcPgu7W1eKfM7xQsgkHDJ70S_FqkAUf2OvjfEy3h3Kxxlg7Bnf5ElX-_bgwJ__Y...
Effective URL: https://www.infobip.com/docs/essentials/security-recommendations
Submission: On November 16 via api from US — Scanned from GB
Form analysis
1 forms found in the DOM
POST https://www.infobip.com/docs/search/results
<form action="https://www.infobip.com/docs/search/results" method="post">
<div class="hiddenFields">
<input type="hidden" name="params" value="eyJyZXN1bHRfcGFnZSI6Imh0dHBzOlwvXC93d3cuaW5mb2JpcC5jb21cL2RvY3NcL3NlYXJjaFwvcmVzdWx0cyIsInJlcXVpcmVkIjoia2V5d29yZHMifQ">
<input type="hidden" name="ACT" value="26">
<input type="hidden" name="site_id" value="1">
<input type="hidden" name="csrf_token" value="e48892dec4f4364bb0e2fb19060e9f6af1fc9779">
</div>
<div class="form-group mb-0">
<input id="main-search" class="form-control" type="search" placeholder="Search" autocomplete="off" name="keywords">
</div>
</form>
Text Content
SessionPixelmuc_adsTwitter Inc.Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant. 2 yearsHTTP_session_idG2CrowdStores visitors' navigation by registering landing pages - This allows the website to present relevant products and/or measure their advertisement efficiency on other websites. 14 daysHTTPsyncTelariaCollects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant. SessionPixeltv_UIDMTelariaPending400 daysHTTPtvidTelariaPresents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.1 yearHTTPguest_idTwitter Inc.Collects data related to the user's visits to the website, such as the number of visits, average time spent on the website and which pages have been loaded, with the purpose of personalising and improving the Twitter service.400 daysHTTPguest_id_adsTwitter Inc.Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website.400 daysHTTPguest_id_marketingTwitter Inc.Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website.400 daysHTTPi/jot/embedsTwitter Inc.Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers.SessionPixelajs%3Acookiescdn.evbstatic.comCollects data on visitors. This information is used to assign visitors into segments, making website advertisement more efficient. 1 yearHTTPajs%3Atestcdn.evbstatic.comCollects data on visitors. 
This information is used to assign visitors into segments, making website advertisement more efficient. 1 yearHTTPLAST_RESULT_ENTRY_KEY [x2]YouTubeUsed to track user’s interaction with embedded content.SessionHTTPnextId [x2]YouTubeUsed to track user’s interaction with embedded content.SessionHTTPrequests [x2]YouTubeUsed to track user’s interaction with embedded content.SessionHTTPyt.innertube::nextId [x2]YouTubeRegisters a unique ID to keep statistics of what videos from YouTube the user has seen.PersistentHTMLytidb::LAST_RESULT_ENTRY_KEY [x2]YouTubeStores the user's video player preferences using embedded YouTube videoPersistentHTMLYtIdbMeta#databases [x2]YouTubeUsed to track user’s interaction with embedded content.PersistentIDByt-remote-cast-available [x2]YouTubeStores the user's video player preferences using embedded YouTube videoSessionHTMLyt-remote-cast-installed [x2]YouTubeStores the user's video player preferences using embedded YouTube videoSessionHTMLyt-remote-connected-devices [x2]YouTubeStores the user's video player preferences using embedded YouTube videoPersistentHTMLyt-remote-device-id [x2]YouTubeStores the user's video player preferences using embedded YouTube videoPersistentHTMLyt-remote-fast-check-period [x2]YouTubeStores the user's video player preferences using embedded YouTube videoSessionHTMLyt-remote-session-app [x2]YouTubeStores the user's video player preferences using embedded YouTube videoSessionHTMLyt-remote-session-name [x2]YouTubeStores the user's video player preferences using embedded YouTube videoSessionHTMLoutbrain_cid_fetchOutbrainCollects data on the user’s navigation and behavior on the website. 
This is used to compile statistical reports and heatmaps for the website owner.1 dayHTTP__Secure-YECYouTubeStores the user's video player preferences using embedded YouTube video13 monthsHTTPDEVICE_INFOYouTubeUsed to track user’s interaction with embedded content.180 daysHTTPLogsDatabaseV2:V#||LogsRequestsStoreYouTubePendingPersistentIDBLogsDatabaseV2:Vb0957baf||#LogsRequestsStoreYouTubePendingPersistentIDBremote_sidYouTubeNecessary for the implementation and functionality of YouTube video-content on the website. SessionHTTPServiceWorkerLogsDatabase#SWHealthLogwww2.infobip.comPendingPersistentIDBTESTCOOKIESENABLEDYouTubePending1 dayHTTPVISITOR_INFO1_LIVEYouTubeTries to estimate the users' bandwidth on pages with integrated YouTube videos.180 daysHTTPVISITOR_PRIVACY_METADATAYouTubePending180 daysHTTPYSCYouTubeRegisters a unique ID to keep statistics of what videos from YouTube the user has seen.SessionHTTP__tnpZapierTracks the individual sessions on the website, allowing the website to compile statistical data from multiple visits. This data can also be used to create leads for marketing purposes.SessionHTTPzapsessionZapierTracks the individual sessions on the website, allowing the website to compile statistical data from multiple visits. This data can also be used to create leads for marketing purposes.7 daysHTTP Unclassified cookies are cookies that we are in the process of classifying. 
NameProviderPurposeExpiryType_fs_luawww.infobip.comPendingPersistentHTMLe473233b-d994-45c5-b51d-fe9bc6547a16_formStatuswww.infobip.comPendingPersistentHTMLlanguageCodewww.infobip.comPendingPersistentHTMLtcm3PConsentwww.infobip.comPendingPersistentHTMLtcmQuarantinewww.infobip.comPendingPersistentHTMLtcmuwww.infobip.comPendingPersistentHTMLEB.fonts.neueplak.08-22-2023cdn.evbstatic.comPendingPersistentHTMLEB.fonts.neueplak-condensed.08-22-2023cdn.evbstatic.comPendingPersistentHTMLinitialLocaleAmazonPendingPersistentHTMLPE-state [x2]AmazonPendingPersistentHTMLdicbo_fetch [x3]OutbrainPending1 dayHTTPPLACEIMGSESSwww2.infobip.comPendingSessionHTTPIb2fa [x10]AmazonPendingSessionHTTPPE-storageAmazonPendingPersistentHTMLpagead/1p-conversion/935890331/GooglePendingSessionPixeltdGooglePendingSessionPixelssohintZapierPendingSessionHTTP [#IABV2_LABEL_PURPOSES#] [#IABV2_LABEL_FEATURES#] [#IABV2_LABEL_PARTNERS#] [#IABV2_BODY_PURPOSES#] [#IABV2_BODY_FEATURES#] [#IABV2_BODY_PARTNERS#] Last updated: December 23, 2022 Table of contents: 1. Introduction 2. General information about cookies and related technologies 3. Cookies used by Infobip 4. Managing cookies 5. Contact details 6. Your cookie consent information 1. Introduction In the spirit of transparency, this Cookie Policy (“Policy”) provides detailed information about cookies and related technologies. It applies to the Infobip.com family of websites, including Infobip’s web-based interface and Infobip.org (collectively referred to as “website”). The website is operated by the company Infobip Limited with its registered office at 35-38 New Bridge Street, Fifth Floor, London EC4V 6BW, United Kingdom, and registration number 7085757 (“Infobip”, “we”, “us”, “our”, etc.). In addition to this Policy, further general information on how we use, store, and keep your personal data secure is provided in our Privacy Notice. 
From time to time, we may update this Policy due to changes in applicable legal framework, technology or our business model. If we do, we will notify you by posting the Policy on our website with a new effective date, prior to the update becoming effective. 2. General information about cookies and related technologies Cookies are small text files that we and associated third parties place on your device (e.g. computer or smartphone) when you visit our website and web-based interface. These files generally contain a string of alphanumeric characters, and they allow our servers to recognize your session in order to properly load the website for you and provide you with the requested service (e.g. to log in). Some cookies are necessary for the website to properly function, so they cannot be turned off. Other cookies are optional because they are not strictly necessary for the website to function, even though they might provide additional functionalities. Optional cookies can be turned off. Aside from the necessary versus optional distinction, cookies are also sometimes categorized based on the domain which sets them (first vs third-party ones) and on the duration for which they are stored on your device (session vs persistent). In addition to cookies, we might also use related technologies – such as web beacons (including tracking pixels) and HTTP requests in general – on our website. These technologies allow for standard information related to website browsing such as IP address, browser type, and the pages you have visited to be transferred to us or to associated third parties. 3. Cookies used by Infobip Infobip uses both necessary and optional (if enabled) cookies on its website. Optional cookies generally fall into one of these three categories: functional, analytical, or advertising. The data collected by cookies is used to: NECESSARY Make the website work properly. 
Necessary cookies enable core functionalities such as security, network management, and accessibility. OPTIONAL Functional: Enable specific functionalities. Functional cookies allow the website to remember your preferences and settings. For example, functional cookies will remember your language choice and display the website in your preferred language. Analytical: Help us understand how the website is being used. This might also include analyzing how effective our campaigns are. Most of the information is in an aggregated form, but some data might be used to help us customize the website to enhance the overall experience for you. Advertising: Facilitate personalized and other advertising. This data might be used to make advertising relevant to you and your interests. Such ads are generally more valuable for both you and the advertisers. A detailed and up-to-date list of all cookies utilized on the website is available below. 4. Managing cookies When you first visit our website, you will see our cookie consent banner that allows you to manage your cookie settings. As explained above, necessary cookies will always be active, but you can either enable or disable optional cookies. Once you make your choices, the website will remember your preferences and will respect them accordingly. You can change your preferences or withdraw your consent at any time by accessing our cookie consent banner below. In addition to managing cookies on the website via our cookie consent banner, you can also manage the cookies on this and other websites via the internet browser that you are using on your device. You can obtain more detailed information by navigating to the support pages of your browser provider such as Mozilla (Firefox), Apple (Safari), Microsoft (Edge), or Google (Chrome). A similar solution – on top of managing your choices directly through the cookie consent banner for this website – exists for Google Analytics. 
SECURITY RULES AND RECOMMENDATIONS

The security guidelines included below are meant to help you securely perform most common user actions, like authentication, file transfer, etc. within the Infobip platform and through the Infobip APIs.

ACCOUNT SECURITY

Once you create an Infobip account, you'll use your username and password to sign in to the Infobip account (also referred to as the Infobip web interface). Note that your username cannot contain special characters and cannot be changed once generated.

PASSWORD MANAGEMENT

Infobip password strength is set by default to very strong.
The general password requirements are:

* Lowercase letter
* Uppercase letter
* Number
* 10 to 50 characters
* Symbol
* No 3+ repeated characters
* Allowed characters A to Z, a to z, 0 to 9 and symbols

Follow these important password tips to help protect your account:

* Do not use the same password for different users.
* Do not use passwords that you use elsewhere, especially for other online channels/services.
* Change passwords periodically, on a quarterly basis at least.
* Never share your passwords or the API keys with 3rd parties, including Infobip staff. Instead, use the Infobip web interface password reset form or manage API keys over the appropriate interface.

ACCOUNT USERS

Here's how to manage account user credentials for maximum security:

1. Within the Infobip web interface, navigate to Settings → User & Teams.
   * Leave the admin user as the Account Manager role and remove all roles that allow for traffic broadcast. For other users, remove the Account Manager role and assign roles for traffic broadcast.
   * Verify the user's GSM and email address.
2. Navigate to Settings → My Account. Use the list below as a reference, and visit the Security Settings topic for more details on how to configure each setting.
   * Two-factor authentication is enabled by default; the configurable options are "Remembered" or "On Each Login". 2FA will not impede API connectivity.
   * Set up password validity duration.
   * Set up max login attempts.
   * Set up user inactivity days.

TRAFFIC SECURITY

SUPPORT FOR TLS

As of July 5, 2021, we only support TLS v1.2. The support for previous versions has been discontinued. If you are using a TLS version lower than 1.2, you won't be able to send any requests to our platform. If you are not sure which TLS version you are currently on or need assistance with upgrading to a new version, contact support@infobip.com and we'll be more than happy to help you.

ENTRY POINT-SPECIFIC USERS

User credentials can be used via web interface or via API.
It is important not to mix API users with the users who interact with Infobip through the web interface: keep one user for the API (accessible solely from the IP Safelist) and use the rest of the users for the web interface, to prevent connectivity issues. API users should only be able to use the API through URLs that belong to the IP Safelist to prevent connectivity issues.

TRAFFIC BROADCAST

If you use the API over the SMPP, create a dedicated user for broadcasting traffic and use their credentials over an SSL connection to broadcast traffic.

If you use the API over the HTTP, avoid broadcasting traffic with user credentials. Use an API key instead.

Increase security for API connectivity by using an API key or token authorization type, as suggested in the Create API Key topic. This is to mitigate the risk of network data transfer interception.

Set up an IP safelist of allowed IP addresses, by IP or by the whole IP range, on API keys. To do it through the Infobip web interface, log in and navigate to MANAGE API KEYS. To do it via the API, use a POST API request when creating an API key. Here's an example of the allowed IPs and IP ranges you can use:

* Allowed IP list: 192.168.1.1;192.168.1.2;192.168.1.3
* IP ranges: 192.168.1.0/24

Always broadcast traffic over an encrypted connection; use the SSL protocol.

* For SMPP SSL endpoint, visit smpp-specification
* For HTTP SSL endpoint, visit http-base-url

IP SAFELISTING

IP safelisting allows you to create lists of trusted IP addresses or IP ranges from which human users or APIs can access the Infobip platform. When using IP safelisting, keep in mind the following conventions and best practices:

* IP safelisting can be set up at a user level or at an API key level:
  * User level
    * IP addresses defined in the safelist will be recognized once a user logs into the web interface and once their credentials are used to broadcast traffic.
    * Only Infobip Account Managers and Support Teams can set up IP safelisting.
      If you wish to configure an IP safelist, provide a full range of IP addresses to your Infobip Account Manager, or contact support@infobip.com.
  * API key level
    * IP addresses defined in the safelist will be recognized once that API key is used when broadcasting traffic.
    * IP Safelist on an API key can be set up via the web interface (Manage API keys) or when creating an API key over the API.
* IP Safelist can be set for a specific IP or for an IP range of addresses.
  * API – typically using static IP addresses or company/ISP ranges.
  * Web interface – might originate from dynamic-source IP addresses (e.g., users working from home, connecting via mobile network, or when traveling).

NOTE
IP safelist for HTTP API key and basic authentication are complementary (different restrictions apply, depending on the authentication method used).

SSL CERTIFICATE RENEWAL

Certificates for all Infobip services are updated regularly, which has no impact on the majority of Infobip clients that are using our services.

If there is a change in the root or intermediate certificates within the trust chain, we will share a notification in the form of a status page maintenance or a direct notification to ensure users are informed of the update.

In cases where the root or intermediate certificates remain unchanged, we will not issue any form of notification that could potentially affect users who use leaf certificate pinning. Those who implement this practice will need to proactively monitor and update their pinned certificates manually.

IMPORTANT
We strongly advise against using certificate pinning as pinning leaf certificates is risky and error-prone.

If you need a new certificate for a certain service, feel free to contact Infobip Support.

API-RELATED SECURITY CONTROLS

This section provides information on how to increase security for API connectivity.
To mitigate the risk of network data transfer interception:

* Never use a combination of unsecured HTTP and SMS over URL parameters due to a high risk of network data transfer interception.
* Never use an unencrypted HTTP/SMPP connection; switch to one of the following:
  * SSL/TLS encrypted connections – This is the preferred option due to a faster setup and a more robust failover mechanism.
  * An IPsec VPN connection – This is less preferred because of the need for manual setup and more complex incident management in case of availability issues. This will provide an encrypted data path between your platform and Infobip.
* Refrain from using GET methods for sending messages.

PASSWORD ABUSE

To mitigate the risk of password abuse, use a time-constrained API key or token authorization type. API sessions expire one hour after the last successful token, and this option cannot be modified on the client's account level.

API keys, on the other hand, are sessionless and sent with each request. They have a validity period that can be set per API key, after which the API key is considered invalid/expired.

For more details on all the above, view Authentication and API Key.

POTENTIAL RISKS IF CONTROLS ARE NOT IMPLEMENTED

Credentials can leak due to traffic interception when using unencrypted HTTP/SMPP traffic. This can happen in the following circumstances:

* When using insecure HTTP combined with basic authorization (username and password included in the encoded form in the Authorization header), in which case the leak might occur on any node between your network, ISPs and proxy services (if used), and the Infobip web interface.
* When applying MITM methods between the client network and the Infobip platform.
* When used in an insecure (plaintext) format in any kind of storage (digital and analog). Infobip stores user passwords in a one-way hashed format with access privileges limited to only a few trusted employees; access is not granted to any 3rd party.
* When used in an insecure (plaintext) format during exchange/communications (via electronic channels, telephone, even live discussions).
* When you have not changed your password in a long time.

GENERAL SECURITY RECOMMENDATIONS

* Always use longer and complex passwords, differentiated per user. Reinforce internal credentials storage and management to mitigate the potential cause of data leakage in the future.
* Avoid hard coding user credentials on a public code repository.
* Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hard coding them into your programs. For more information, check out the API-related Security Controls.

VERIFY THE AUTHENTICITY OF LOGIN PAGE TO PREVENT PHISHING ATTACKS

Pay close attention to the URL and site content:

Check Favicon. Websites can put whatever icon they want in the tab.

Look at the domain name. The domain name can help confirm that you are landing on a legitimate Infobip site.

Check the site's security status in your browser's address bar. For most browsers, a safe website will display a green padlock icon to the left of the website's URL. You can click the padlock icon to verify the details of the website (e.g., the type of encryption used).

For example:

* Multiple dashes or symbols in the domain name.
* Domain names that imitate an actual business (e.g., "inf0bip", "infoblp" or "infob1p").
* Domain extensions like ".biz" and ".info". These sites tend not to be credible.
* Keep in mind as well that ".com" sites, while not inherently unreliable, are the easiest domain extensions to obtain.

Check the website's connection type. The Infobip web interface website has an "https" tag, which is more secure and therefore more trustworthy than a site using the more common "http" designation. This is because most illegitimate sites would not bother going through the security certification process a typical https site would.

Look at the file path.
The Infobip web interface has straightforward file paths depending on the part of the web interface you want to visit. In case you have any doubts related to any path, contact our Support at support@infobip.com.

Evaluate the URL. A website's URL consists of the connection type ("HTTP" or "HTTPS"), application (e.g., "portal"), domain name (e.g., "infobip"), extension (".com"), and the file path (e.g., "/dashboard"). Even if you've verified that the connection is secure, remain on the lookout for the following red flags:

* The Favicon – websites can put whatever icon they want in the tab.
* Domain Name – this is a part of the URL and it's trustworthy, as long as you know what you're looking for.
* File Path/Directory – this is a part of the URL and it's trustworthy, as long as you know what you're looking for.
* Web content area – this can be whatever the attacker wants it to be, including a very convincing spoof of Infobip's legitimate website.

Look for broken English on the website. If you notice a large number of poorly spelled (or missing) words, generally bad grammar, or awkward phrasing, you should question the site's authenticity. Even if the site in question is technically legitimate insofar as it isn't a scam, any inaccuracies in language will also cast doubt on the accuracy of its information, thereby making it a poor source.

Review Certificate details:

Most browsers allow you to view the certificate by clicking the padlock icon in the address bar.

For Firefox:
1. Click the padlock icon.
2. Click More Information.
3. Click View Certificate.

For Safari:
1. Click the padlock icon.
2. Click View Certificate.

For Chrome:
1. Click 3-dot menu > More tools > Developer tools.
2. Click the Security tab and View certificate.
-or-
1. Click the padlock icon > Certificate.
2. When you click the Certificate Information, you will get all the information the CA verified before it issued the certificate.
The Infobip certificate looks like this: [screenshot]

SHARING CONFIDENTIAL INFORMATION

This section is a quick guide on how to safely use and store confidential information.

HOW TO USE S-PASS

S-PASS is an Infobip app for sharing confidential information with the Infobip employees, clients, and other 3rd parties. Please note that shared information is readable only once, and then it is permanently erased from S-PASS.

It is possible to create and send a secret note to a recipient, or to access and read a secret note if you have received a token from the sender. In both cases, it is necessary to access https://s-pass.app/ using a web browser of your choice (it might look different in different web browsers).

STORE A SECRET

1. Access S-PASS. Click Write a secret note to share a secret with someone or Read a secret note if you have received a token for reading secret notes.
2. Write/paste the secret note you want to send. Select how long you want your secret note to remain stored. It will be kept until it's been read or until it's surpassed the selected storing time. When finished, click Store secret.

NOTE
Anyone with the token will be able to access your secret note during the time frame you specified.

Your secret note is now stored. Copy the token OR copy the direct link to share your secret from the Secret stored! pop-up.

NOTE
Your confidential information will be accessible only by the person who has the token or the link. Until viewed, the information is encrypted, unreadable to everyone and stored in the Infobip system.

READ A SECRET

If you have a direct access link, paste it in a web browser and you'll see the shared secret under the Secret section.

If you have an access token, go to https://s-pass.app/, click Read a secret note, paste your token, and click Submit token.

NOTE
Once you read the secret note, it will be deleted from the system.

SECURE FILE TRANSFER

Using the Infobip web interface, you can define how you wish to export your Reports from Infobip.
Methods enabled for this purpose are FTP and SFTP.

FTP is a file transfer protocol providing basic, unencrypted file transfer capability. Although it enables both anonymous access and authenticated sessions, the user credentials and data payload are transferred over public networks in cleartext, posing a HIGH risk of unauthorized access to confidential data and spreading of concealed malware.

Being completely replaced with more secure alternatives (SFTP, FTPS, SCP...), the FTP protocol should ONLY be used with extremely trusted and isolated systems or for public access with an anonymous FTP, which is not applicable to any Infobip use case.

We recommend using SFTP (Secure FTP). All you need to do is to implement an SFTP server on the client side and provide access parameters, either via the Infobip web interface EXPORT feature or to Customer Care.

A secure implementation process usually adheres to these pointers:

* Specify a non-standard port (other than 22).
* Safelist incoming (sender) IP addresses; for Infobip, these would be 193.105.74.4 and 62.140.31.104.
* Use dedicated credentials for EACH client user (i.e., credentials dedicated solely for Infobip).
* Choose long, complex passwords (12 characters minimum).
* Change passwords regularly (e.g., every three months).

Apart from security reasons, usage of encrypted data transfers is, in many industries worldwide, a regulatory compliance requirement included in the security policy of businesses.

When you choose the insecure version of the FTP, you accept related security risks, and at the same time Infobip renounces any liability possibly resulting from such use.
AUTHORIZATION TO PERFORM SECURITY TESTING ACTIVITIES AGAINST INFOBIP RESOURCES

Infobip conducts regular external penetration tests by engaging renowned 3rd party companies and using best practice methodologies that encompass:

* OSSTMM (Open Source Security Testing Methodology Manual),
* OWASP (Open Web Application Security Project),
* NIST penetration testing and audit methodologies, including automated and manual techniques designed to evaluate the security of our target systems.

Infobip provides detailed reports of these testing exercises to its clients and partners, upon a signed NDA and limited to the scope of the contracted services. Our security teams are available for any question or discussion regarding the reports' contents or other aspects of our vulnerability management program.

Using existing reports and documentation for verification of your supply chain security is beneficial, as it provides adequate assurance levels while reducing operative burdens and costs on both sides. If these arguments are not sufficient, penetration testing or vulnerability scanning of our environment might be arranged according to the provisions stipulated in the Service Terms and Conditions and the respective service agreement.

The client/partner will be required to agree to share the testing findings with the Infobip Corporate Security team. In case of especially severe and/or critical issues discovered within the Infobip products or services, the client agrees to report their findings to Infobip without any delay.

IMPORTANT
Third parties are not authorized to perform any kind of security testing of endpoints pertaining to Infobip and its affiliated companies without prior approval from Infobip. Third parties are not allowed to disclose any findings resulting from their testing activities, or information discovered during the course of the provision of the services, to any other 3rd parties without a prior contractual agreement or approval from Infobip.

Every external security testing activity must be announced, and a request has to be sent to an Infobip representative (Account/Sales manager or Support). Every such request will be evaluated against the current client's/partner's permission for conducting the testing. If the request has been approved, the requesting party will have to comply with a defined set of requirements regarding their engagement, documented in the External Penetration Testing Document, which will be provided by the Infobip Corporate Security department.

In accordance with the NDA provisions, the Client assumes the responsibility to protect the confidentiality of the found vulnerabilities. Any such information, in whatever form, shall not be disclosed to or shared with 3rd parties without prior approval from the Infobip Corporate Security department. If the Client breaches this confidentiality clause, Infobip will hold them liable based on the contract provisions, and the potential reimbursement claims will take into consideration the maximum amount of damages resulting from these unauthorized activities.

If the conducted penetration testing discovers vulnerabilities in the Infobip system, these findings will be triaged by the Infobip Corporate Security department. If marked as needed for remediation, the proof of the remediation of identified vulnerabilities will be provided to the requesting 3rd party in the form of an internally provisioned report compiled by the dedicated application security experts and other relevant security specialists.

CLIENT'S INTERNAL PROCESSES

Reinforce internal credentials storage and management to mitigate a potential risk of internal data leakage in the future, which might result in unauthorized access to the Infobip platform and traffic costs. For safekeeping of your passwords, consider using one of the commercial-grade password management tools.

STORE CREDENTIALS (HOW TO AND HOW NOT TO)

If you are using Infobip APIs, you need to handle sensitive data such as passwords, tokens, or secrets. This can be quite a challenge, especially if sensitive data must be sent from one service to another to execute service operations. The need to store sensitive data can be a legitimate use case and can come up many times during the design phase. In cases where you cannot resort to secure methods of sharing resources and initiating operations, you need to set up additional security mechanisms, arranged in layers, that increase your defense in depth.

Here's an example scenario where the authorization is hardcoded:

Java

    import java.io.IOException;
    import okhttp3.MediaType;
    import okhttp3.OkHttpClient;
    import okhttp3.Request;
    import okhttp3.RequestBody;
    import okhttp3.Response;

    public class InfobipApp {
        public static void main(String... args) throws IOException {
            OkHttpClient client = new OkHttpClient().newBuilder().build();
            MediaType mediaType = MediaType.parse("application/json");
            RequestBody body = RequestBody.create(mediaType, "{\"messages\":[{\"from\":\"InfoSMS\",\"destinations\":[{\"to\":\"41793026727\"}],\"text\":\"This is a sample message\"}]}");
            Request request = new Request.Builder()
                    .url("https://api.infobip.com/sms/2/text/advanced")
                    .method("POST", body)
                    // The sensitive secret is hardcoded in code below
                    .addHeader("Authorization", "App 003026bbc133714df1834b8638bb496e-8f4b3d9a-e931-478d-a994-28a725159ab9")
                    .addHeader("Content-Type", "application/json")
                    .addHeader("Accept", "application/json")
                    .build();
            // Close the response once the status code has been read
            try (Response response = client.newCall(request).execute()) {
                System.out.printf("%d%n", response.code());
            }
        }
    }

This is a scenario which we want to prevent. Let's look into some of those security mechanisms and ways to secure sensitive data.

Use hardware security module (HSM).

Hardware security modules are special physical devices, usually formally certified as tamper-proof FIPS 140-2 level 3 devices, designed to store and protect secret material and securely perform cryptographic operations.
The idea behind HSMs is to store data or execute operations in a more secure environment rather than on the computer where the application is deployed. There are a lot of different providers of HSMs, and the way they are used and operated is in the scope of the provider's documentation. This is the best approach that you can use to handle sensitive data.

Do not store any sensitive data, ever.

Instead of storing sensitive data, include it in the application when it's deployed. Make the application request secrets when starting. This is the best thing you can do if you cannot use HSMs, as your password is only contained in memory. There are other risks associated with this: for example, pulling passwords/keys directly from memory, or availability risks, such as a server reboot, in cases where the application is deployed as a service. This method is far safer than any of the other methods. All other methods have the same risk associated with pulling sensitive data from memory.

Here's an example of how you might incorporate this in a simple Spring Boot application:

Java

    import java.io.Console;
    import java.io.IOException;
    import okhttp3.MediaType;
    import okhttp3.OkHttpClient;
    import okhttp3.Request;
    import okhttp3.RequestBody;
    import okhttp3.Response;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.CommandLineRunner;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.context.annotation.Bean;

    // NumberRepository and SensitiveData are application classes that are not shown here;
    // SensitiveData is assumed to hold the authorization value as a String.
    @SpringBootApplication
    public class InfobipApp implements CommandLineRunner {
        private final NumberRepository numberRepository;
        private final SensitiveData sensitiveData;

        @Autowired
        public InfobipApp(NumberRepository numberRepository, SensitiveData sensitiveData) {
            this.numberRepository = numberRepository;
            this.sensitiveData = sensitiveData;
        }

        @Override
        public void run(String... args) throws Exception {
            OkHttpClient client = new OkHttpClient().newBuilder().build();
            MediaType mediaType = MediaType.parse("application/json");
            for (String number : numberRepository.findAll()) {
                RequestBody body = RequestBody.create(mediaType, String.format("{\"messages\":[{\"from\":\"InfoSMS\",\"destinations\":[{\"to\":\"%s\"}],\"text\":\"This is a sample message\"}]}", number));
                Request request = new Request.Builder()
                        .url("https://api.infobip.com/sms/2/text/advanced")
                        .method("POST", body)
                        // Authorization is fetched from bean and sensitive data is not stored in code
                        .addHeader("Authorization", sensitiveData.getAuthorization())
                        .addHeader("Content-Type", "application/json")
                        .addHeader("Accept", "application/json")
                        .build();
                try (Response response = client.newCall(request).execute()) {
                    System.out.printf("%s: %d%n", number, response.code());
                }
            }
        }

        // Static, so Spring can create this bean before InfobipApp itself, which depends on it
        @Bean
        public static SensitiveData getSensitiveData() {
            Console console = System.console();
            if (console == null) {
                throw new IllegalStateException("No interactive console available to read the secret");
            }
            SensitiveData data = new SensitiveData();
            data.setAuthorization(new String(console.readPassword("Input Infobip API authorization: ")));
            return data;
        }

        public static void main(String... args) throws IOException {
            SpringApplication.run(InfobipApp.class, args);
        }
    }

Storing sensitive data? OK, but set additional layers.

In the event that you really need to store sensitive data, do set additional layers of defense. There are several options here:

* Store secrets in a verified encrypted store (e.g. keystore) and load those secrets on application boot
* Encrypt secrets and store the encryption key safely and in a way that it is restricted only to a specific user on the service
* Store secrets in an environment variable and fetch the value in code
* Use a separate process or service that serves secrets to the application after it has been authenticated

Here's an example of how secrets can be fetched from an environment variable:

Java

    import java.io.IOException;
    import okhttp3.MediaType;
    import okhttp3.OkHttpClient;
    import okhttp3.Request;
    import okhttp3.RequestBody;
    import okhttp3.Response;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.CommandLineRunner;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;

    // NumberRepository is an application class that is not shown here.
    @SpringBootApplication
    public class InfobipApp implements CommandLineRunner {
        private final NumberRepository numberRepository;

        @Autowired
        public InfobipApp(NumberRepository numberRepository) {
            this.numberRepository = numberRepository;
        }

        @Override
        public void run(String... args) throws Exception {
            // Fail at startup if the variable is missing instead of sending a request without it
            String authorization = System.getenv("INFOBIP_API_AUTHORIZATION");
            if (authorization == null || authorization.isEmpty()) {
                throw new IllegalStateException("INFOBIP_API_AUTHORIZATION is not set");
            }
            OkHttpClient client = new OkHttpClient().newBuilder().build();
            MediaType mediaType = MediaType.parse("application/json");
            for (String number : numberRepository.findAll()) {
                RequestBody body = RequestBody.create(mediaType, String.format("{\"messages\":[{\"from\":\"InfoSMS\",\"destinations\":[{\"to\":\"%s\"}],\"text\":\"This is a sample message\"}]}", number));
                Request request = new Request.Builder()
                        .url("https://api.infobip.com/sms/2/text/advanced")
                        .method("POST", body)
                        // Authorization is fetched from environment variable and sensitive data is not stored in code
                        .addHeader("Authorization", authorization)
                        .addHeader("Content-Type", "application/json")
                        .addHeader("Accept", "application/json")
                        .build();
                try (Response response = client.newCall(request).execute()) {
                    System.out.printf("%s: %d%n", number, response.code());
                }
            }
        }

        public static void main(String... args) throws IOException {
            SpringApplication.run(InfobipApp.class, args);
        }
    }

SECURITY GUIDELINES FOR SMS FRAUD PREVENTION

With the large increase of cyber-attacks on the internet, web applications are attacked in different ways.
To effectively defend against these attacks, we are providing you with web application security guidelines, organized around the most common web application issues leveraged in fraud cases.

WEB APPLICATION ISSUES LEVERAGED IN FRAUD CASES

1. Web application issues leveraged in fraud cases

Limit the frequency and quantity of SMS messages to a specific number, so that no user can misuse the service or platform. With this approach, you avoid potential spam to the end users, and the resources cannot be exhausted by a single end user. The rate limit should be implemented at a user account level.

2. Lack of security mechanisms in HTTP headers and cookies

HTTP headers should contain a set of security mechanisms which can provide an additional security layer to the web application. Application cookies should have at least the "Secure" and "HttpOnly" directives in place. An additional option is to include SameSite, which will mitigate the risk of cross-origin information leakage. Besides securing cookies, the application should use X-Frame-Options to avoid clickjacking attacks, X-XSS-Protection to mitigate XSS attacks, Strict-Transport-Security to tell the browser to use only HTTPS, etc.

3. Missing authentication or rate-limit on some of the API endpoints

It is important to have proper asset management of all API endpoints, since some of them can be in debug or test mode, and authentication or rate limiting could be disabled for those which are used for testing purposes. This is common in situations where you want to maintain backward compatibility across multiple deployments: production, staging, internal, and development.

4. Insecure Direct Object Reference

The application should check whether the user who tries to access a certain object from the database has the right to access it. IDOR usually happens when the user modifies an input, e.g. by changing the ID of the object in a URL from 10 to 20. The user can then access an object which is tied to another user.
The application should prevent the exposure of a real identifier, such as an ID, and use a hash instead, because a sequential ID could be easily guessed.

5. Missing or insecure CAPTCHA mechanism

Use reCAPTCHA or hCAPTCHA to tackle bots. Be aware of the existence of automated CAPTCHA solvers, which rely on both bots and human interaction. Consider using some of the non-conventional CAPTCHA methods, like graphic puzzle solving or context-specific questions.

6. Missing anti-CSRF token

It's advised to use anti-CSRF tokens within all sensitive HTTP requests. CSRF tokens should be generated for each HTTP request, as the time range for exploiting is shorter as opposed to a CSRF token generated per session.

7. Using GET parameters for sending sensitive data to API

Avoid using GET parameters for sending sensitive data or API keys, as the URL can be cached in HTTP proxies, browser history, or in web server logs. Use the HTTP POST method for sending any sensitive data to the API.

8. Web application doesn't filter and sanitize dangerous input like injection payloads

Define what type of data can be used in each form of the web application. Validate and escape the input; for example, there is no need to accept special characters in a username field, since it only accepts an alphanumeric string, a phone number field should only use numbers, etc. Instead of using user input directly from an HTML form, use stored procedures or prepared statements with parametrized queries when interacting with the underlying database, to minimize the risk of SQL injections. XSS should be tackled using validation and input sanitization on each form field which isn't a fixed selection such as a date or yes/no choice; always encode special characters, such as less than (<) or more than (>).

9. Insecure connection over HTTP

Instead of using HTTP, switch to HTTPS, as it offers encryption of the HTTP traffic and protects against traffic interception.
Using the plain HTTP protocol, an API key or user credentials could be sniffed if a user is connected to a public Wi-Fi hotspot or an insecure network. Avoid using SSL 2.0/3.0, disable TLS 1.0, and use TLS 1.2 and TLS 1.3. Disable null and anonymous ciphers.

10. Insufficient logging and monitoring

The web application should be able to produce a sufficient number of logs with a proper level of integrity at rest and in transit. Also, application logs should be sanitized of sensitive info like credentials in plaintext, message content, etc. This especially goes for authentication and any sensitive actions, like registration or change of password/API key, denied access or input validation errors. Logging and monitoring are a requirement for any future forensics and examination of a user's actions.

Copyright © 2006-2023 Infobip ltd.
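
A per-account limit on SMS sends, as described in item 1 of the list above, can be enforced with a sliding window before a request reaches the messaging API. This is an added example in Java, not Infobip code; the class name SmsRateLimiter, the account identifiers and the limit of 3 messages per 10 minutes are assumptions.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Sliding-window limit on SMS sends per user account (hypothetical class, not an Infobip API). */
public class SmsRateLimiter {
    private final int maxMessages;
    private final Duration window;
    private final Clock clock;
    // One queue of send timestamps per account, oldest first.
    private final Map<String, Deque<Instant>> sentByAccount = new ConcurrentHashMap<>();

    public SmsRateLimiter(int maxMessages, Duration window, Clock clock) {
        this.maxMessages = maxMessages;
        this.window = window;
        this.clock = clock;
    }

    /** Records the send and returns true if the account is under its limit; false means reject the request. */
    public boolean tryAcquire(String accountId) {
        Instant now = clock.instant();
        Instant cutoff = now.minus(window);
        Deque<Instant> sent = sentByAccount.computeIfAbsent(accountId, id -> new ArrayDeque<>());
        synchronized (sent) {
            // Drop timestamps that have left the window.
            while (!sent.isEmpty() && !sent.peekFirst().isAfter(cutoff)) {
                sent.pollFirst();
            }
            if (sent.size() >= maxMessages) {
                return false; // rejected sends are not recorded, so they do not extend the block
            }
            sent.addLast(now);
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed demo: 3 messages per 10 minutes for each account.
        SmsRateLimiter limiter = new SmsRateLimiter(3, Duration.ofMinutes(10), Clock.systemUTC());
        for (int i = 1; i <= 5; i++) {
            System.out.printf("account-42 send #%d allowed: %b%n", i, limiter.tryAcquire("account-42"));
        }
        System.out.println("account-77 send #1 allowed: " + limiter.tryAcquire("account-77"));
    }
}
```

When the application runs as several instances, the counters have to live in a shared store; otherwise each instance enforces its own separate limit.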