API Technical and Security FAQ's

What specific ports outbound from our server to Vistar need to be open?

Native integration - 443/tcp

Cortex or Agent integration - 443/tcp

What specific ports inbound from Vistar need to be open (ports and protocols please) to reach our server?

No inbound ports are required, Vistar does not initiate communication to your server

What IP addresses or domain names of Vistar’s have to be whitelisted at the site?

Depending on your integration type please whitelist the below domains: 

  • Broadsign, Ayuda or Cortex: *.cortexpowered.com and *.vistarmedia.com 
  • Native: *.vistarmedia.com 
What SSL ciphers do you support?

We only allow SSL ciphers that are supported by TLS v1.2

What is the minimum bandwidth requirement for the solution to operate?

We recommend running on a 4g network. If you plan to run video ads we recommend a minimum of 2.5Mbps

What is the timeout period if an ad request experiences latency from the Vistar ad server?

Our load balancers timeout requests after 60 seconds

Do you perform SOC2 testing?

We do not perform testing against the SOC2 standard, however we do perform an annual security audit. 2022 is still underway and being done against the NIST standard. 

What mechanisms are in place to ensure the solution is checked and patched for security vulnerabilities?

We are alerted by AWS when we need to patch linux version on our prod EC2 instances, for other services, AWS patches automatically

Who is your hosting provider and what security is  in place? 

AWS hosts our ad server. See below our hosting provider's security documentation: 

Infrastructure Security
EC2 Data Security
S3 Data Protection
Was this article helpful?
1 out of 1 found this helpful