While the security posture for your organisation is up to your discretion, our CoreAPI is used for any RESTful and legacy SOAP API calls, and CoreAPI is also used by integrated third parties NAB, Experian (address validation) and other vendor integrations, so we recommend that this is externally available or these will not operate correctly.
We run regular penetration testing and the CoreAPI has not been identified as having any related issues.
The ability for a third party to access any end points is dependent on the specific access that you give to that third party.
This is managed by the your organisaiton as documented at Using the Interface Settings window.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article