Employgroup takes the security of your data very seriously. To ensure that personal and financial data is kept as secure as possible, the Employgroup API combines a number of orthogonal security mechanisms to authenticate and authorise any third-party application when it communicates with the API. As the Employgroup API is stateless, these identification mechanisms must be provided with each request. If any of the identification mechanisms fail then the request will be rejected.
All requests to the API are encrypted via TLS 1.0 or higher; no version of SSL is supported due to well-documented weaknesses in the protocol, such as Heartbleed or POODLE. Unencrypted HTTP is also unsupported.