Account Structure

Compartmentalisation

A key security concept around the Experian One Platform is its multi-tenant and multi-instance type of architecture. Critical processing components and data belonging to each client are segregated, meaning that there is no risk of intermingling or leakage between clients and system parts.

Compartmentalisation

An Account Compartment contains:

  1. The configuration services where products and product access can be configured.
  2. Execution compartments containing the data processing.

All of the configuration and runtime compartments for a client, plus the data storage associated with each are contained within a geographical location. The Studio is an interactive strategy design environment that benefits from being closer to the Designer. While this is possible, by default it runs inside the location assigned to the Account.

Service Endpoints and Execution

The power of the Experian One Platform is its configurability and extensibility based around the PowerCurve® Decision Agent.

Decision execution environment

The Experian One Platform runs the decision strategy in an execution compartment that provides isolation for the runtime. As a system built on top of Kubernetes, the runtime compartments are based on Kubernetes namespaces with network policy separation between them. Each microservice implements a set of common controls allowing essential security operations to be executed locally within the execution compartment. This includes session validation, access control checks and encryption.

Regional Service Endpoints and URL Format

The Experian One Platform resources are published through a set of location-specific gateways followed by a service-specific path forming a uniquely addressable resource. The service-specific components are randomly assigned at creation and thereafter fixed to allow integration into a decisioning pipeline. The fully qualified URL format includes the location-specific gateway (shown in blue text in the example below) and a 12-character unique ID (in blue text with blue background in the Service column). Common services are used within the Experian One Platform Portal while others are intended for service automation and can be supplied by the Experian support team.

Location gateway Product Service Resource
https://APIGateway /decisionanalytics /experianone /0123456789ab /**
Geographic location API Gateway
Australia api.experian.com.au
Singapore api.experian.com.sg
Brazil api.serasaexperian.com.br
EMEA eu-api.experian.com
India in-api.experian.com
United Kingdom uk-api.experian.com
United States us-api.experian.com

IP Restrictions

It is possible to control the location from which an API call into the Experian One Platform can be made. This is a configuration applied to the identity calling the API. IPv4 addresses permitted to request session tokens may be defined as part of the user administration process and evaluated at session creation.