Account Structure
Compartmentalisation
A key security concept around the Experian One Platform is its multi-tenant and multi-instance type of architecture. Critical processing components and data belonging to each client are segregated, meaning that there is no risk of intermingling or leakage between clients and system parts.
An Account Compartment contains:
- The configuration services where products and product access can be configured.
- Execution compartments containing the data processing.
All of the configuration and runtime compartments for a client, plus the data storage associated with each are contained within a geographical location. The Studio is an interactive strategy design environment that benefits from being closer to the Designer. While this is possible, by default it runs inside the location assigned to the Account.
Service Endpoints and Execution
The power of the Experian One Platform is its configurability and extensibility based around the PowerCurve® Decision Agent.
Decision execution environment
The Experian One Platform runs the decision strategy in an execution compartment that provides isolation for the runtime. As a system built on top of Kubernetes, the runtime compartments are based on Kubernetes namespaces with network policy separation between them. Each microservice implements a set of common controls allowing essential security operations to be executed locally within the execution compartment. This includes session validation, access control checks and encryption.
Regional Service Endpoints and URL Format
The Experian One Platform resources are published through a set of location-specific gateways followed by a service-specific path forming a uniquely addressable resource. The service-specific components are randomly assigned at creation and thereafter fixed to allow integration into a decisioning pipeline. The fully qualified URL format includes the location-specific gateway (shown in blue text in the example below) and a 12-character unique ID (in blue text with blue background in the Service column). Common services are used within the Experian One Platform Portal while others are intended for service automation and can be supplied by the Experian support team.
Location gateway | Product | Service | Resource |
---|---|---|---|
https://APIGateway /decisionanalytics |
/experianone | /0123456789ab
|
/** |
Geographic location | API Gateway |
---|---|
Australia | api.experian.com.au |
Singapore | api.experian.com.sg |
Brazil | api.serasaexperian.com.br |
EMEA | eu-api.experian.com |
India | in-api.experian.com |
United Kingdom | uk-api.experian.com |
United States | us-api.experian.com |
IP Restrictions
It is possible to control the location from which an API call into the Experian One Platform can be made. This is a configuration applied to the identity calling the API. IPv4 addresses permitted to request session tokens may be defined as part of the user administration process and evaluated at session creation.