REST Image API Migration Security FAQ

Why is Emburse retiring the SOAP-based Expense Image API?

The SOAP API is built on outdated infrastructure, including:

  • Servers running an operating system that is past End of Life
  • A codebase tied to the now-deprecated Flash UI
  • A protocol no longer aligned with Emburse’s REST-first strategy

These limitations pose increased security and compliance risks, prompting the transition to a more modern and secure REST-based solution.

Is REST API as secure as SOAP?

Yes, REST APIs are as secure as SOAP APIs.

How is data protected in transit with REST?

All REST APIs use HTTPS with TLS 1.2+ for secure communication and encrypt data in transit to prevent interception or tampering.

How does authentication work in the REST API?

The REST API uses API keys for authentication.

Where is customer data stored and how is it protected?

All customer data is stored in encrypted databases (AES-256). We maintain geo-redundant backups, automated disaster recovery, and real-time monitoring. Access to data is restricted, logged, and audited regularly.

Is the REST API compliant with industry regulations?

Yes. Our compliance aligns with major compliance frameworks, including:

  • GDPR (General Data Protection Regulation)
  • SOC 2 Type II
  • PCI-DSS (for payment data, where applicable)

Additionally, security audits and penetration testing are conducted regularly by third parties.

How do you protect against common vulnerabilities?

  • Secure API Practices
  • TLS Encryption
  • Authentication and Authorization
  • Logging and Monitoring
  • SQL Injection
  • Cross-Site Scripting (XSS)

How does Emburse protect my data during the migration?

Data continues to be protected by the same enterprise-grade controls already in place:

  • All REST API traffic is secured.
  • No change to existing data-retention or privacy protocols.
  • The migration does not expose or transfer customer data automatically; integrations must be manually updated and validated.

Who can I contact with security questions or reports?

Please contact your Emburse Enterprise Customer Success Manager.

You may also refer to the security and compliance documentation within the Emburse Trust Center

Was this article helpful?