Secure Channel

Secure Channel v2 protects sensitive WEB requests by encrypting request and response payloads.

When It Is Used

Common examples:

1. login initiation
2. registration initiation
3. password reset
4. password change
5. sensitive security center mutations

Required Sequence

1. obtain the public key material if needed by the client
2. create a Secure Channel session
3. send encrypted request payloads with X-SC-Session-Id
4. close the session when the flow ends

What It Does Not Replace

Secure Channel does not replace:

1. portal context
2. JWT session state
3. X-Client-Hash
4. permission checks

Common Failure Modes

1. request sent in plaintext to an SCv2-required endpoint
2. missing X-SC-Session-Id
3. stale or invalid Secure Channel session
4. valid Secure Channel but missing JWT or portal context

Read Next

1. Web Quickstart
2. Auth Guide