Platform Authentication

New
  • Updated on Apr 24, 2026
  • Published on Apr 24, 2026
  • 1 minute(s) read
Prev Next

Overview

Authenticate requests from the Eleos Platform using a secret value to confirm the origin of the communication. Secure communication between your systems and the Platform by validating HTTP headers, configuring firewall access, and implementing appropriate network security protocols.

How It Works

All requests to the documented endpoints receive an HTTP header called Eleos-Platform-Key. This header contains a secret value used by your systems to confirm that the request originates from the Platform. You must check this value on every request and reject any request that has a missing or incorrect value.

In App Manager, navigate to App Configuration > Service Config > Eleos Platform Key to set this value to a secret, password-like string.

For example, if you set your key to c3NkwWtvYpSsxowwnP9X4YXAuRVZp, all requests to your systems include the following header for your systems to validate:

Eleos-Platform-Key: c3NkwWtvYpSsxowwnP9X4YXAuRVZp

NOTE: Authorization Header requests made on behalf of mobile app users also include an Authorization header.

Configuring Firewall Access

The Platform utilizes a high-availability configuration, meaning individual servers terminate or relaunch dynamically. Because of this, requests from the Platform to your web services do not originate from a fixed IP address or range. Complete the following actions to secure and authenticate requests:

  • Install a valid TLS certificate and allow requests to the web services exclusively over HTTPS.

  • Disable insecure protocols, including TLS versions 1.1 and below, as well as SSLv3.

  • Configure your web services, intermediary reverse proxy, or firewall to check that the Eleos-Platform-Key header matches the value you configured in App Manager.

  • Reject requests that do not contain a matching Eleos-Platform-Key .

  • Configure your firewall to allow HTTPS requests on TCP port 443 from any IP.

  • Permit HTTPS requests on TCP port 443 to platform.driveaxleapp.com by DNS name to allow your integration to call APIs exposed by the Platform.

TIP: You do not need to pay for a TLS certificate. Consider using Let's Encrypt, which provides automatically rotated certificates for free. You must configure their automatic renewal tool because they issue certificates for 90 days at a time.

IMPORTANT: While not strictly required, we highly recommend TLS for your web services. If you choose to configure insecure HTTP URLs for your web services, you acknowledge that a third party could potentially intercept or obtain any transferred data.