At Rhombus Systems, we like to think of ourselves as an API-oriented organization. APIs for accessing cameras, APIs for accessing video, APIs for accessing APIs…I think you get the point. This is why defining clear interfaces between systems is hugely advantageous in software development. It leaves no room for ambiguity, removes the need for either side to worry about the other, and makes interactions in the system as simple as possible.
When we exposed APIs to our clients and partners, we exposed the same contracts that we, ourselves, must adhere to. We can hardly tell the difference between our clients and customers since they are all calling the same endpoints. This enables organizations to receive a powerful, easy-to-use, and robust API infrastructure that is much more than some afterthought that you’ll commonly find in traditional video security systems or NVRs.
To harness the full power of Rhombus Systems!
One question that often comes up with customers is “are you a closed or open system?” Because of our comprehensive API infrastructure, the answer is both! While it’s true that we don’t currently interoperate with other video security systems using traditional standards (ONVIF, RTSP, etc.) – it’s not because we want to lock you into the system, it’s because we would lose control in providing you with a world-class experience. The experience currently provided by other systems in the market is the reason why so many customers have been pushed away from traditional systems in the first place and why we do what we do.
With the Rhombus API, there is nothing even remotely closed about our system. All data, video, reporting, metrics are available at our customers’ fingertips and can be customized to no end. Say you want to store a backup of all videos on a local NAS. Great, simply use our API to pull the footage and save it directly. Maybe you want to incorporate our Face analytics with your timecard software to align sign-ins/outs with the real world? Great, all of the data is easy to pull from our API. For our partners, we provide simple API access to all of your customer accounts, so you no longer need to manage multiple sets of credentials. All you need is just one set of credentials across your entire customer base. This allows for running batch operations, aggregations, and other automation across all of your customers, saving you precious time and money.
At Rhombus, we’ve built the most powerful cloud video security product on the market, but the power of our product only matters if customers can use it. Using the Rhombus API enables your organization to bring your video security system in line with the rest of your IT infrastructure to better improve security and operations.
We use a common API framework called OpenAPI (version 3.0 as of writing this), which makes incorporating the Rhombus API a breeze. There are countless client-side bindings in every language imaginable, which makes including an API client into your codebase as simple as running a single command with our OpenAPI document as an argument.
If you prefer to run from the command line (using wget or cURL), no problem. The API follows a simple JSON over HTTPS convention, making the commands easy to read and understand. We also have an upcoming webhook option, which will post JSON to the HTTPS server of your choice to receive real-time data updates.
More secure than any other API you’ve used.
Most other Cloud APIs use a simple character-based key/password for controlling API access. This means if that simple string is ever leaked or intercepted (see next sentence), someone will have full access to your account, which invalidates any other sophisticated controls that may be in place for normal user login. Also, most Cloud APIs rarely enforce/encourage any type of certificate validation, which means that a simple man-in-the-middle attack could easily intercept, see your secret key in plain text, and then spoof any request they want using that info.
The Rhombus API uses the same industry-leading security models that can found throughout the platform. Namely, a PKI infrastructure, which uses a signed and verified client-side certificates, along with a second-factor access key. One of the major advantages of using certificates for authentication is that the private material never leaves your system. Even if a malicious actor were able to man-in-the-middle your traffic (which they won’t, see next sentence), there is nothing in the request that can be used to emulate your account in future requests. And since Rhombus does full client certificate authentication, customers only have to trust our intermediate certificate on their side, to effectively thwart man-in-the-middle attacks.
We also strongly recommend that customers do two more things to make the Rhombus API as secure as possible: password protect your private key and store both the password and the access key separately from the private key. This ensures that all 3 of these factors would need to be compromised for a breach to take place. If all 3 are stored separately (perhaps one in code, one on the server, and another in a properties file), you are ensuring that someone would need wide-spread access to your infrastructure to gain anything useful.
We’re incredibly proud of the Rhombus API and are excited to share its capabilities with you. The Rhombus API truly opens the platform up to ensure that your organization has a video security system that meets your needs and allows for flexibility for when you need specific actions to take place. If you are interested in learning more about our API, product, and features in greater detail, please be sure to reach out to firstname.lastname@example.org!
On December 9th 2021, the Apache Log4j project disclosed a zero day vulnerability that affects Log4j. This vulnerability is also known as Log4Shell. Upon learning of this exploit, Rhombus took immediate action to see if any of its services used Log4j. Our analysis over the last few days found the following.
Cybersecurity is becoming an increasing priority for enterprise organizations. Because cybersecurity deals with data, privacy, and security, organizations today are finding that cybersecurity and physical security—especially video surveillance—are unavoidably linked. But what exactly do you need to worry about when it comes to cybersecurity and video surveillance? How can you protect your video security system against breaches and cyberattacks? How do you know that the data privacy of your employees, customers, and more is secure? This guide will help you understand what good cybersecurity standards and practices look like in a video security context. You’ll learn what best practices you personally can follow, and what best practices you should look for in a vendor.
Many CJIS-compliant organizations wonder how video surveillance fits into their security policies. Security cameras help criminal justice organizations secure their facilities and protect employees. However, it’s crucial to maintain CJIS compliance to protect Criminal Justice Information (CJI) while using a video security solution. In this article, you’ll learn how to use security cameras in a CJIS-compliant way, and how you can use video surveillance to strengthen overall CJIS compliance throughout your entire organization.