Secure communication

SnapLogic security features protect the communication between the SnapLogic Platform and your endpoints:

  • The control plane only stores metadata. The data plane processes data but does not store it permanently. During design and testing, validation fetches a subset of records as a data preview. You can set the maximum number of documents to display in the data preview or disable validation for the environment to prevent users from viewing live data.
  • The SnapLogic Platform only accepts requests over HTTPS. The requester must support TLS 1.2. Our servers negotiate to the most secure TLS or OpenSSL cipher supported by the client. Supported ciphers lists the ciphers supported by the SnapLogic Platform.
  • Inbound requests to the Platform and outbound requests from pipelines use the load balancer or JRE settings for encryption defined in the host's java.security file. On Groundplex self-managed nodes, find JRE security configuration:
    • For Linux systems: in the lib/security/java.security file.
    • For Windows systems: the JAVA_HOME environment variable specifies the location of java.security.
  • Responses from the SnapLogic Platform include the following headers as recommended by the Open Web Application Security Project (OWASP):
    • Content-Security-Policy
    • Content-Type
    • Referrer-Policy
    • Strict-Transport-Security
    • X-Content-Type-Options
    • X-Frame-Options
    • X-SL-ClientIP
    • X-XSS-Protection
    • Content-Length

Allowlists

To enable communication from the SnapLogic Platform to your network or endpoints, you might need to add Snaplogic IP addresses to your allowlists. The control plane provides allowlists to restrict incoming requests. By configuring allowlists in Admin Manager, you can limit callers to specific IP addresses and permit requests from web pages outside of the SnapLogic domain. Refer to Task Allowlists for more information.

If your network restricts outbound traffic:

To permit calls from the data plane to endpoints that restrict inbound traffic, you must add the appropriate SnapLogic IP addresses to your endpoint allowlists.