Security


Project Connect APIs are designed with security as a core principle. All API communication is protected using SSL encryption to ensure that data is transmitted securely at all times.
Authentication is handled through DNV’s Veracity identity provider using secure Bearer tokens. This ensures that only authorised applications and users can access the APIs.
Each API user is associated with an individual Project Connect account. This allows SIEMENS’ built in access control mechanisms to be applied at a granular, per user level, providing clear accountability and robust access management aligned with existing permissions.

System Diagram


API System Diagram

Handling of personal identifiable information


Some data exchanged through the APIs may include personally identifiable information (PII). Protecting this information is a key priority.

Access to PII is controlled through dedicated API scopes. These scopes must be included in the access token used by your application when calling the API and are configured by DNV as part of the Veracity onboarding process for your registered application.

If an application attempts to request PII without the required scope, the information will not be returned. In such cases, the affected fields will either be omitted from the response or returned with a null value, ensuring that sensitive data is never exposed unintentionally.