Information security model

This page describes the technical aspects of security regarding some of the major entities in our APIs.

In case you find any situation (possible attack scenario) which doesn’t conform to this document, please notify us immediately. The purpose here is pure technical, for a legal text go to our SDK Agreement.


An API operation (read, list, create, etc.) can be:

  • unrestricted - the operation is allowed to anyone. Resources under such control are considered public.
  • restricted-to-license - the operation on a resource is allowed to anyone who has a valid license for that resource. These are usually b2c operations.
  • restricted-to-partner - the operation on a resource is allowed only to the administrator of a 3rd-party application. These are usually b2b operations.
  • admin-only - the operation is only available to some of our employees (and maybe contracted partners).

General rules

  • All API access must go over HTTPS. This is true for mobile clients as well.
  • We employ both session and token authentications. B2B/server-server operations must authenticate with the token, while human-server operations must authenticate with the session.
  • Some operations are seemingly unrestricted, but you have to know a license key to retrieve/change anything.
  • Our SDK does not keep a record of your users, they are identified by their license key.



This entity represents the measurement application you develop.

All operations on an existing application are restricted-to-partner. This includes:

  • viewing/modifying the API token
  • viewing the details of an application.
Operation Intention Note
Enumerate admin-only -
View restricted-to-partner -
Create restricted-to-partner -
Modify restricted-to-partner -
Delete admin-only -


This entity represents an allowance to use Notch sensors.

Operation Intention Note
Enumerate restricted-to-partner Must list only licenses that were purchased by the given partner.
View restricted-to-license -
Create restricted-to-partner Creating = purchasing a new one.
Modify restricted-to-partner -
Delete restricted-to-partner -


During activation, the Notch sensor is authorized to make measurements with a given license key. This is a code exchange process initiated by our SDK.

Operation Intention Note
Enumerate restricted-to-partner -
View restricted-to-partner -
Create restricted-to-license -
Modify admin-only -
Delete admin-only -

License Network

Here is the sensor network represented (how devices communicate). This entity is managed by our mobile SDK.

Operation Intention Note
Enumerate admin only not supported operation
View restricted-to-license -
Create restricted-to-license -
Modify restricted-to-license -
Delete restricted-to-license -

Notch Device

This one is tricky, as it’s not represented on our public API, but some details must be available to the measurement SDK. The following details are unrestricted:

  • mac address
  • product versions (HW/SW versions, version strings)
  • calibration information

In some cases, we want to hear about the sensor status. Re-reporting calibration data is restricted-to-license.

Create a 2D video from the 3D animation

Related Docs