RID Security
Article Overview
The following article explains the Request Identifier (RID) parameter and outlines why its use is secure against brute-force attacks.
What is an RID?
A transaction is an instance of a digital process. A transaction usually comprises one or more steps. Each step has its own unique RID as part of its URL. An RID is an 11-character parameter encoded in base64:
https://your-server.easysend.app/fnol-journey/page0/0?preview=1&rid=PhdODWeuO18
When sharing the transaction's URL, always remove the RID parameter: https://your-server.easysend.app/fnol-journey/
Each time this link is shared and used, a new unique RID is generated automatically. If the RID is shared as part of the link, all users with the link will share a single transaction.
Using a short RID has advantages such as:
- Cleaner and easier to read, making the RID more user-friendly and visually appealing.
- Easy for operative teams to use, for example when looking up a transaction using the Journey Tracker or the Transaction Logs.
- Comfortably usable as a link within an SMS.
FAQs About RID
The following section contains FAQs about the RID parameter.
Q: Can the relatively short length of the rid pose a security concern?
Answer
The range of possible RIDs is enormous: 2^64 combinations, to be exact, making it virtually impossible to guess a valid RID.
Q: Does EasySend employ rate-limiting?
Answer
Yes, EasySend employs robust rate-limiting mechanisms to block excessive attempts to discover a valid RID. Large-scale attempts would be recognized and handled by EasySend, which could result in further bans or countermeasures. Any attempt to deploy enough IPs or bypass the rate limit would require highly sophisticated infrastructure that is expensive, time-consuming, and easily flagged.
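The arithmetic behind the two answers above, as an added example (not EasySend code): it checks that the 11-character RID in the sample URL decodes to 64 bits and estimates the odds of guessing a valid RID under a rate limit. The URL-safe base64 alphabet, uniformly random RIDs, the number of live RIDs and the guess rate are assumptions, not figures from the article.

```python
import base64
import math
from urllib.parse import urlsplit, parse_qs

RID_SPACE = 2 ** 64  # keyspace stated in the article

# Sample step URL taken from the article.
SAMPLE_URL = ("https://your-server.easysend.app/fnol-journey/page0/0"
              "?preview=1&rid=PhdODWeuO18")


def rid_bits(url: str) -> int:
    """Return the bit length of the rid parameter carried in a step URL."""
    rid = parse_qs(urlsplit(url).query)["rid"][0]
    if len(rid) != 11:
        raise ValueError("expected an 11-character RID")
    # 11 base64 characters are 8 bytes with the single '=' pad stripped.
    # Assumption: URL-safe alphabet; the article only says "base64".
    raw = base64.urlsafe_b64decode(rid + "=")
    return len(raw) * 8


def hit_probability(guesses: int, live_rids: int) -> float:
    """Chance that at least one of `guesses` uniform guesses hits a live RID."""
    p = live_rids / RID_SPACE
    # 1 - (1 - p)**guesses, computed stably for very small p.
    return -math.expm1(guesses * math.log1p(-p))


def years_to_expected_hit(live_rids: int, guesses_per_second: float) -> float:
    """Mean time to the first hit at a sustained, rate-limited guess rate."""
    expected_guesses = RID_SPACE / live_rids
    return expected_guesses / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed figures: 1,000,000 live RIDs and an aggregate 1,000 guesses
    # per second slipping past the rate limit. Neither is from the article.
    live, rate = 1_000_000, 1_000
    print("RID size (bits):", rid_bits(SAMPLE_URL))
    print("P(hit) after one day:", hit_probability(rate * 86_400, live))
    print("Years to expected first hit:", years_to_expected_hit(live, rate))
```

Tightening the rate limit scales the time estimate linearly, which is why the short RID depends on rate limiting staying effective as the number of live transactions grows.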
Q: What other measures can be taken to reduce the risk of RID exposure?
Answer
Other than preventing brute-force attacks, which is by design, EasySend implements additional protections such as: