Skip to content

Access control

  • You are provided with an access token for your applications to use services via APIs. This access token may only be used for the intended purpose. All other uses are this access token are prohibited.
  • Applications running on our Platform are provided with JSON Web Tokens (abbreviated "JWT"). JWTs have to be validated according to rfc7519. All requests with invalid or missing JWTs must be rejected by you.
  • You must take all necessary measures to protect access tokens against unauthorized third parties. If you become aware of a risk that an unauthorized party had access to such access tokens you must immediately send an e-mail to
  • You are obliged to change your password on a regular basis.
  • You are obliged to change passwords used by you to access our services via APIs regularly over time. If not otherwise specified and permitted in writing, the interval between password changes shall not exceed the period of 12 months.

Last update: January 22, 2024