NewProgrammatic

Security

Security of Advertisers and Publishers is on the top of NewProgrammatic’s priorities. In this section, you will find information about security features available to protect your account, money, and sensitive data from being hacked or stolen. You can also learn how to make the most of the NewProgrammatic API.

NewProgrammatic has three security features available to protect your account and stop hard-coding sensitive data:

  1. New log-in sessions:  To help you monitor from which device there are sign-ins to your NewProgrammatic account

  2. Two-factor authentication:  To protect your account from getting hacked

  3. API access tokens: To stop hard-coding passwords into your scripts

1. New log-in sessions:

Opt-in by default, you are notified by email anytime a new device logs into your NewProgrammatic account. Once notified, you can act on any suspicious sign-ins by suspending your account and resetting the password.

Suspending your account will:

  1. Send you an email with a new password.

  2. Terminate all active sessions.

  3. Pause all campaigns.

  4. Suspend any financial transactions.

  5. Require a member of the NewProgrammatic Team to reactivate your account.

2. Two-factor authentication:

Two-Factor Authentication (2FA) is a method of signing in to the NewProgrammatic platform that requires more than just a password. 

Using only a password to sign in to any website is vulnerable to security threats because a malicious user only needs one piece of information to gain access to your account. 2FA places an extra layer of security on your account by requiring both your password and a second authentication code while signing in.

The only way a user can sign in to your account is if they have your password and the authentication code from your registered mobile device(s). For NewProgrammatic, the additional authentication code will be generated by a Time-based One-Time Password (TOTP) mobile app.

Before you start turning on the Two-Factor Authentication for your NewProgrammatic account, it is required to download and install a Time-based One-Time Password (TOTP) application. The TOTP application automatically generates authentication codes that expire and refresh after certain periods of time. TOTP applications are more reliable than using SMS authentication, so 2FA on the NewProgrammatic platform will utilize the TOTP authentication only.

Download one of the following mobile applications:

After installing the TOTP application on your mobile device, set 2FA on the NewProgrammatic platform:

  1. Go to the My account tab.

  2. Go to Security in the menu on the left-hand side.

    37__Security.png
  3. Drag the Two-factor authentication toggle to apply Two-Factor Authentication for your account. The 2FA startup page will show up.

    Security.png
  4. Scan the barcode image in the pop-up page using the TOTP application.

    1. If you cannot scan the QR code from your computer screen, you can always use a text code option.

    2. Click the text code in step 1 of 2FA. in the Two-factor authentication pop-up window and next, type the text code to the mobile application field.

      Warning

      To configure 2FA on multiple devices, you need to follow this step for all devices in the same session; just scan the same QR code by all devices. If 2FA is already enabled for a device and you want to add another device, you’ll have to reconfigure all devices again. You need to follow the next step only by one of the devices.

  5. Input the six-digit code from the application into the field in step 2 of 2FA.

  6. To complete the verification, click the Continue button.

  7. You will see the Two-Factor Authentication status is turned on.

API access tokens:

To start working with the NewProgrammatic API, follow the steps:

  1. Sign in to the NewProgrammatic platform and go to My account tab.

  2. Go to the Security tab in the menu on the left-hand side and scroll down to the Access tokens section.

  3. Create a new API access token by clicking the Add new button.

    Warning

    Once you have generated the access key, you need to copy and save it. This is the only time when the secret access key is visible to you, thus you need to store it locally to be able to use it with the NewProgrammatic API.

  4. Provide a name for your access token and click the Generate button.

  5. Copy the access token and send the API access token in the API-token HTTP header with every request you make to the NewProgrammatic API.

    37_2_Access_tokens.png

Tip

We recommend rotating the API access tokens at least every 30 days to keep your account safe. Every 30 days just create a new API access token, start using a new one in your application(s), and revoke the old one.

Using HTTPS

If you don’t use HTTPS in your campaigns, you might not be aware of the fact that you limit your performance with major web browsers. The "not secure" notifications prevent visitors from completing the action you would like them to take. Especially on mobile, where the message is much more visible.

Please remember to use SSL in your domains. If you already do that or plan to, make sure your entire redirect path is encrypted with SSL. Otherwise, the users will be displayed a ‘leaving safe connection’ message and you’ll risk part of them leaving your funnel.