Skip to main content

Security & Data Privacy for Distributors

As a valued distribution partner, safeguarding data and ensuring secure integration is a core part of your obligations.

Updated this week

As an distributor, safeguarding data and ensuring secure integration is not just a technical requirement - it’s a core part of your obligations under the Distribution Licence Agreement. Protecting both your business and the broader tourism network relies on robust security and privacy practices.

Why Security and Data Privacy Matter

Our content is a valuable asset, and the API is a critical channel for delivering that content to your customers. Security breaches, unauthorised access, or data leaks can compromise your reputation, disrupt your services, and put sensitive information at risk. By following best practices, you help maintain trust and ensure compliance with our standards.


Key Security Considerations

To ensure secure and reliable integration with our API, all distributors must follow these best practices:

Implement HTTPS

Always use HTTPS to encrypt data transmitted between your application and the API. This protects sensitive information from being intercepted or tampered with.

Manage API Keys Securely

Keep your API keys confidential. Do not hard-code them in your application code or expose them in client-side scripts. Store them securely in your server environment and restrict their usage to specific IP addresses or environments whenever possible.

Access Controls

Ensure only authorised users and systems can access the API. Implement role-based access and the principle of least privilege.

Logging and Monitoring

Monitor API usage and log all access attempts. This helps detect and respond to suspicious activity or potential breaches.

Encryption

Use encryption to protect sensitive data both in transit and at rest.

Rate Limiting and Throttling

Implement rate limiting to prevent abuse and ensure fair usage for all distributors. This helps protect against denial-of-service attacks and system overloads.

Regular Security Audits

Conduct regular security reviews and vulnerability assessments. Remove outdated or unused APIs (“zombie APIs”) to reduce risk.

Error Handling

Avoid exposing sensitive technical details in error messages. Use generic error responses and log details internally.

Compliance with Standards

Familiarise yourself with ATDW’s distributor guidelines and the Distribution Licence Agreement to ensure your integration remains compliant.


API Key Management

Confidentiality

Your API key is confidential and must not be shared, sublicensed, or used across multiple domains. It is issued for your exclusive use as a registered distributor and is considered Confidential Information under your agreement with ATDW.

Single Domain Use

API keys are authorised for use on a single domain only. Sharing or using your API key on multiple domains is a breach of your licence and may result in access being revoked.

Storage

Store API keys securely on your server, never in public repositories or client-side code.


Data Privacy

ATDW expects all distributors to handle data responsibly and in accordance with privacy best practices. This includes:

  • Regularly reviewing and updating your security policies.

  • Implementing robust access controls.

  • Monitoring and logging all data access and API usage.

  • Encrypting sensitive data at all stages.

  • Complying with all relevant privacy legislation and ATDW’s policies.


Practical Integration Tips

Pagination and Size Limits

The API enforces a maximum of 5,000 profiles per page. If you need to access more, implement pagination in your integration. Learn more about size restrictions.

Delta Updates

Use delta updates to retrieve only new or changed data, reducing unnecessary load and improving efficiency.

Support and Documentation

For technical support, integration changes, and best practice updates, visit the ATDW Support Portal.


Non-Compliance

Failure to follow these security and privacy requirements can result in revoked access, reputational damage, and potential legal or financial penalties. The Distribution Licence Agreement outlines your obligations in detail.


Need Help?

If you have questions about security, data privacy, or integration best practices, please contact our support team. We’re here to help you build a secure, reliable, and compliant tourism platform.

Did this answer your question?