Zeropark Documentation

Security in Zeropark for Advertisers

Abstract

Learn how to make your Zeropark advertiser account more secure by utilizing the two-factor authentication and new login notification features.

Zeropark has three security features available to protect your account and stop hard-coding sensitive data:

  • New login sessions: To help you monitor from which device there are sign-ins to your Zeropark account

  • Two-factor authentication: To protect your account from getting hacked

  • API access tokens: To stop hard-coding passwords into your scripts

New Sign-in Sessions

Opt-in by default, you are notified by email anytime a new device logs into your Zeropark account. Once notified, you can act on any suspicious sign-ins by suspending your account and resetting the password.

Suspending your account will:

  1. Send you an email with a new password

  2. Terminate all active sessions

  3. Pause all campaigns

  4. Suspend any financial transactions

  5. Require a member of Customer Success Team to reactivate your account

Two-Factor Authentication

Two-Factor Authentication (2FA) is a method of signing in to the Zeropark platform that requires more than just a password. Using only a password to sign in to any website is vulnerable to security threats because a malicious user only needs one piece of information to gain access to your account. 2FA places an extra layer of security on your account by requiring both your password and a second authentication code while signing in. The only way a user can sign in to your account is if they have your password and the authentication code from your registered mobile device(s). For Zeropark, the additional authentication code will be generated by a Time-based One-Time Password (TOTP) mobile app.

Note

Zeropark Tip: We recommend adding Multi-factor authentication (MFA) to your account for an added level of security. Once you, do you’ll be issued an MFA code for your device. During login, if you check the box labeled "Trust this device and don't ask for the verification code next time." then your device will be remembered. Meaning that you do not need to enter the MFA code every single time you log in. This way you can access your account quickly and securely.

Before you start turning on the Two-Factor Authentication for you Zeropark, it is required to download and install a Time-based One-Time Password (TOTP) application. The TOTP application automatically generates authentication codes that expire and refresh after certain periods of time. TOTP applications are more reliable than using SMS authentication, so 2FA on the Zeropark platform will utilize the TOTP authentication only.

Download the following mobile applications:

After installing the TOTP application on your mobile device, set 2FA on the Zeropark platform:

  1. Go to the My account tab.

  2. Go to Security in the menu on the left-hand side.

  3. Turn on the Two Factor Authentication toggle for your account. The 2FA startup page will show up.

    security_advertisers2.png

  4. Download the Google Authenticator.

  5. Scan the barcode image in the pop-up page using the TOTP application. If you cannot scan the QR code from your computer screen, you can always use a text code option. Click the text code in step 1. in the Two-factor authentication pop-up window and next, type the text code to the mobile application field.

    Note

    Zeropark Tip: To configure 2FA on multiple devices, you need to follow this step for all devices in the same session; just scan the same QR code by all devices.

    If 2FA is already enabled for a device and you want to add another device, you’ll have to reconfigure all devices again. You need to follow the next step only by one of the devices.

  6. Input the six-digit code from the application into the field in step 2.

  7. To complete the verification, click the Continue button.

    security_advertisers4.png
Access Tokens

To use the Zeropark API you are required to obtain API access tokens, which then you need to send in an HTTP header every time you make a request.

To start working with the Zeropark API, follow the steps:

  1. Sign in to the Zeropark platform and go to My accounts tab.

  2. Go to the Security tab in the menu on the left-hand side and scroll down to the Access tokens section.

  3. Create a new API access token by clicking the Add new button.

    Note

    Zeropark Note: Once you have generated the access key, you need to copy and save it. This is the only time when the secret access key is visible to you, thus you need to store it locally to be able to use it with the Zeropark API.

    security_advertisers6.png

  4. Provide a name for your access token and click the Generate button.

    security_advertisers7.png

  5. Copy the access token and send the API access token in the API-token HTTP header with every request you make to the Zeropark API.

    Note

    Zeropark Tip: We recommend rotating the API access tokens at least every 30 days to keep your account safe; every 30 days just create a new API access token, start using a new one in your application(s), and revoke the old one.

In this section: