Security

Your security is our top priority at Rentals United. In the Security panel, you can control the security settings of your account. The settings here affect the account owner and the subusers. Enhance your account security and learn about several key features within your account settings. Read the details below.

If you cannot see the Security tab in the main menu, it means you are not the account owner. If you believe this is incorrect, contact the Rentals United Support Team.

Changing most of the settings on the Security tab requires you to provide your credentials. It is a mandatory step to confirm your identity before the settings are changed.

 

Require Multi-Factor Authentication (MFA)

Require Multi-Factor Authentication (MFA) - Multi-Factor Authentication (MFA) is an authentication method where a user is granted access only after successfully confirming the log-in attempt. You can read more about MFA here.

  • MFA is enabled for all users by default (account owner and subusers)

  • MFA can be turned off only for the account owner (not recommended)

  • Subusers are always required to log in using MFA

  • MFA is always required when logging in from an unknown IP address (not in use for more than 2 weeks)

  • MFA notifications are sent to the username in the first place (email address that you use for logging in)

  • You can set up an MFA notifications email where you will receive your MFA notifications (applicable for account owners only). This email will be used for the MFA purposes only.

To enhance security of your account, one security option must be always enabled. It means either MFA or password change enforcement must be enabled.

 

Force password change every 90 days

Force password change every 90 days - this option forces your users and subusers to change the password every 90 days. It is turned on by default. You can read more about the password change requirements and procedures here.

To enhance security of your account, one security option must be always enabled. It means either MFA or password change enforcement must be enabled.

Login history

Log out of all sessions - if you spot any suspicious login attempt or activity in your account, you can force log out and terminate all active sessions (for all users and sessions, including API) by clicking the Log out of all sessions button. You will be logged out from your current session, too. Make sure to change your password afterwards!

 

Login history allows you to view the recent activity related to the security in your account.

  • login attempt status (successful or failed)

  • login attempt time stamp

  • username used for login

  • IP

 

API access

In this section, you can control who can access your account via API. You can do this by defining the IP addresses that would have access to it.

Limiting the API access brings the following benefits:

  • Increases the overall security of your account

  • Protects your data and the data of your customers

  • Secures your account from an unauthorised use

  • Complies with security standards and policies

 

Request API access

If you do not have API access enabled, you will see relevant information in the Security panel.

By default, all new accounts are created without the API access enabled. However, you can request API access any time.

  1. Open the Security panel.

  2. Scroll down to the API access section.

  3. Click Request access.

The access request is sent to the Support Team and will be soon confirmed. Once it is confirmed, you will see the API access will set to No IP restriction. The Support Team will get back to you.

 

API access options

Once you are granted the API access, you will see the following options available in the Security panel.

  • Whitelisted IP address only

    This option allows you to provide an IP address that can be used to access the API. You can define one or more IP addresses here. The IP addresses used to call our API will be validated against this white list. If a request to our API is made from an IP address which is not added to the white list, the API returns an error message and the request is not processed. Note that you need to define an exact IP address and no masked or wild IP addresses are accepted (recommended & safest option).

  • No IP restriction

    This option allows to access your account via API from any IP address. We will not check the IP address from which the request was made (not recommended).

  • Block API access

    This option revokes the API access from your account. You will still be able to request API access in future and your request will need to be approved by our Support Team - as described here.

The badge icon on top informs you about the current status of your security settings. Seeing Improve your security? Consider upgrading your security settings to increase the security of your account.