CAKE Portal Security: Best Practices
Please take advantage of the CAKE portal security settings. You can navigate to your Setup>Settings>Global Settings and scroll down. You will see a section called, All Portals Security Settings, and Security Settings. Subsequently, you can find Security Settings for each of the other portals respectively in their dedicated Settings sections Setup>Settings>Affiliate Portal Settings, etc.
- Failed Login Attempts: 5 attempts
- Admin Portal Session Timeout: 60 minutes
- Password Strength:Strong
- Password Usage History Restriction: 10 passwords
- Password Expiration Policy: 90 days
- Once you have saved these settings we recommend a "Force Password Reset" which will logout all users and force them to create a new and stronger password.
In addition to the above settings, we recommend expiring and creating new API keys once every three months. We also strongly recommend that you leverage ourIP Whitelisting for API calls. If you know the IP of the server you will be making API calls from, please insert that into your IP Whitelisting list found by navigating to Setup> Blocks and Profanity> IP Whitelisting> Add. Be sure to choose API IPs when whitelisting your API address. CAKE will ignore any API calls made that are not from the IPs listed on your whitelist.