How does the API work?
The MageMail connector module opens up API access, which the magemail.co app connects to in order to get customer and order data to generate triggered emails off of.
The API accepts SQL queries and returns back data.
**UPDATE:** There is a new version of the API that replaces the raw SQL with a serialized Zend_Db_Select object that is beginning to be rolled out.
The SQL API endpoint is quite powerful and allows for rapid and flexible development on the web application side, but because of how powerful it is, it requires significant security measures.
1) The API route is randomized
So that if an attacker were to attempt to attack it, they would first have to find out what the API route was. This is similar to how Magento's admin route can be customized, except that it's not optional, it's part of the installation process for all customers.
2) The API key and route are never shown to you in order to be copied and pasted.
One of the reasons for this is that people tend to copy and paste such credentials and put them into email when they have access to them, which is one of the easiest ways to have them intercepted.
The API key and route are generated from the connector module and transmitted over HTTPS to MageMail. When MageMail makes API calls, it also does so over HTTPS.
3) The API has an IP address whitelist
This checks to see that incoming API requests are only made from authorized IP addresses (i.e. the IP address of the MageMail servers).
4) No customer data is stored
Customer and order data are not stored in the web application currently, other than the customer's email address and the order number (in order to track recipient history, unsubscribes, etc.).
5) The API has a keyword blacklist
By default, the sales_flat_order_payment table is included in the blacklist. This prevents the API from accessing data from that table. So that if credit card information was stored there (which it should not be - that would be a violation of PCI), it would not be accessible over the API.