Military Grade Security

Posted on by Dan

“Military Grade Security” is a phrase that has become watered down by its overuse, yet it is still a succinct way to sum up a set of practices and procedures in a short phrase that the general public can consume.

Part of the watering down is also due to the fact that some sites and services use ‘military grade’ to mean they use one technology that some military organisations use.

When a technical person reads ‘Military Grade Security’ they think ‘right they use SSL’, and perhaps even start to worry that is all the site or service is using.

At Money Toolkit we say military grade security because we mean it! Our staff and consultants have worked as suppliers to the UK government and military. For us SSL is just one essential component…

1. We use SSL for all our communication over HTTP – between our apps and servers and between servers. Our traffic cannot be eavesdropped.
2. All other administration communication is done via SSH.
3. Passwords are never stored – we always use SHA hashed passwords.
4. All other data is encrypted on our servers, using AES.
5. The data centres we use are accredited to ISAE 3402.
6. A lot of our service runs on Google App Engine, who have an exemplary security record… 24 hour guarded data centres, airlock entry, NO security breach ever and more.
7. We are a small company, and every employee or contractor is well known, and follows the best security practices. No customer data is ever allowed on individual storage devices, so it can never leave the data centre.
8. All of our systems and servers are regularly patched and hardened; no personal data is ever stored in any logs.
9. Our development and deployment process is strictly controlled with a continuous integration server running a battery of tests, not just for reliability, but for security as well.

Personal Bank Data API

Posted on by Dan

We believe everyone should have access to their own personal data – and do with it what they want.

So we have just pushed live our first draft of our public READ ONLY API.

We are working on granting third parties read only tokens to your data so other developers can do cool stuff as well.

In the examples below, the tkn query parameter would normally be a one-off token that you receive from an authorisation request (more details over at github).

The in=2 query parameter pretty-prints the JSON response with a 2-character indent.

Some sample URLs…

An individual – showing some bank accounts:

https://www.moneytoolkit.com/pub/person/dan3?tkn=dummy_test_token&in=2

You can then use the ‘keyname’ for each account to look at the transactions for each account…

https://www.moneytoolkit.com/pub/person/dan3/account/a1?tkn=dummy_test_token&in=2

Or list all accounts and all transactions for an individual:

https://www.moneytoolkit.com/pub/person/dan3/account?tkn=dummy_test_token&in=2

Of course, if you are not so techy, you can always just dump all your data out as CSV.

There's plenty more where that came from, and we will provide more detail and documentation at our github page:
https://github.com/MoneyToolkit/Public-API/wiki
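As an added illustration (not Money Toolkit's own code or client), here is a small read-only client that builds the URLs above, follows each account's ‘keyname’ to its transactions, and redacts the tkn value before a URL is logged, since a token carried in the query string otherwise ends up in server and proxy logs. The JSON field names `accounts` and `transactions`, and the `fetch` function, are assumptions so that the example runs offline against constructed sample responses.

```python
# Added example client for the read-only API described above; not the project's code.
# Assumed: responses are JSON with "accounts" (each with a "keyname") and "transactions".
import json
import re
from urllib.parse import urlencode, urlsplit

BASE = "https://www.moneytoolkit.com/pub"

def build_url(path, token, indent=None):
    """Build an API URL. `tkn` is required; `in` pretty-prints the JSON."""
    params = {"tkn": token}
    if indent is not None:
        params["in"] = indent
    return f"{BASE}/{path}?{urlencode(params)}"

def redact(url):
    """Replace the token value so the URL is safe to write to a log line."""
    return re.sub(r"(tkn=)[^&]*", r"\1<redacted>", url)

def fetch_json(url, fetch):
    """Fetch via injected `fetch(url) -> str`; refuse anything that is not HTTPS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-TLS URL: " + redact(url))
    return json.loads(fetch(url))

def list_transactions(person, token, fetch):
    """Return {keyname: [transactions]} by following each account's keyname."""
    person_doc = fetch_json(build_url(f"person/{person}", token), fetch)
    result = {}
    for account in person_doc["accounts"]:            # assumed field name
        key = account["keyname"]                      # 'keyname' as named on the page
        acct_doc = fetch_json(build_url(f"person/{person}/account/{key}", token), fetch)
        result[key] = acct_doc["transactions"]        # assumed field name
    return result

# Constructed sample responses standing in for the live service (not real data).
SAMPLE = {
    "/pub/person/dan3": {"accounts": [{"keyname": "a1"}, {"keyname": "a2"}]},
    "/pub/person/dan3/account/a1": {"transactions": [{"amount": -12.5}]},
    "/pub/person/dan3/account/a2": {"transactions": []},
}

def sample_fetch(url):
    """Offline stand-in for an HTTP GET: look the path up in SAMPLE."""
    return json.dumps(SAMPLE[urlsplit(url).path])

if __name__ == "__main__":
    print(redact(build_url("person/dan3", "dummy_test_token", 2)))
    print(list_transactions("dan3", "dummy_test_token", sample_fetch))
```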
