FAQ >> How secure is the backup process?
In order to retrieve backup files from your server our system and your API must go through a strict chain of requests to authenticate the process.
Step 1. myRepono decides your next backup is due and prepares a list of files and databases to backup. myRepono then connects to your API to initiate the backup by parsing a identification key for the backup transactions.
Step 2. Your API connects to myRepono using the identification key and retrieves the lists of files and databases to backup, it then prepares the database backups and decides how to split your file and database backups into packets. At the same time your API saves a secret key which it parses to myRepono to authenticate future requests, and tells myRepono how many packets to retrieve.
Step 3. myRepono connects to your API using the authentication key and your secret key to retrieve all of your backup packets individually, if a packet retrieval fails myRepono will re-attempt the retrieval three times.
Step 4. myRepono sends a request to the API to confirm the backup is complete and your API then ensure all temporary files have been removed.
Step 5. myRepono checks the backup packets have been received correctly and then charges your account as applicable.
A backup can not be initiated without the backup instructions being retrieved from myRepono using the authentication key, this ensures only myRepono can provoke a backup.
The API can only be accessed using your API key and password, this ensures only myRepono can connect to the API. As an additional security measure, when accessed the API will retrieve a list of allowed IP addresses from our server, only IP addresses listed in this file may access the API. These security measures apply to any request sent to the API, it can not be accessed unless these security checks are parsed.
All connections to myRepono are secured using SSL with up to 256-Bit encryption. We recommend setting an API URL which is also secured using SSL (e.g. a URL with the https:// prefix) to ensure connections to your API are secure.
Backup packets are compressed as ZIP files and are then encrypted, for more information regarding backup encryption please see: How are backups encrypted?
Did you find this page helpful?