Connect with us: twitter Twitter facebook Facebook
TMM Insider
Highlighted Features
Do you want to perform actions within your NATS installation without logging in? The NATS 4 API allows Admins to run remote requests to perform actions within NATS. Using the NuSoap toolkit for PHP, you can run requests to perform actions such as add a new affiliate, retrieve member details, decode a NATS code or bulk import adtools.

Since the API is IP restricted, Admins will need to add authorized IP addresses from where they are sending API requests to the ADMIN_API_ALLOWED_IPS list. (This can be found in the Configuration Admin under the "Security" section, as seen in the below image.) Once the IP is added, Admins need to retrieve their API key from the NATS database by selecting the "api_key" from the "login" table for their loginid. If you need assistance with this, please put in a support ticket here.

Once the IP is allowed and the key has been retrieved, requests to the API can be made using NuSoap with the necessary parameters. For example, if a NATS code needed to be decoded outside of NATS, Admins would call the API function, "decode_natscode" with the NATS code provided in the parameters. The output from the NATS API for the "decode_natscode" function would be an array of details associated to that NATS code including the affiliate loginid, username of the affiliate, programid, siteid, tourid, adtoolid, subid1, subid2, a flag whether it is an unencoded NATS code, and a flag of whether it is an old NATS 3 code. Details on using the "decode_natscode" API call can be found here.

For further details on using the NATS API as well as all the other available API functions, please visit our wiki article here.
NATS 4 Throttling
Want to prevent surfers from accessing a particular page if they attempt too many requests? Throttling, available in the latest version of NATS 4, is a security setting which will allow Admins to do just that. By restricting the number of attempts that can be made for particular pages, this can help prevent authorization strings for transactions from being entered through brute force, so surfers won't be able to perform transactions without paying for them and being redirected through the correct authorization string.

To configure Throttling through NATS, Admins would first go to the configuration admin under the "Security" section. In this page the Throttling section has options for THROTTLE_WHITE_LIST_IPS and THROTTLE_BLACK_LIST_IPS. hese configurations are a comma-separated list of IP address that will always pass or fail the Throttling checks, Admins can whitelist their IP address for testing purposes of particular pages.

The available pages where Throttling is available is on the Approval, Upgradeplus, Upgraded, Upsellplus, Packageplus, and Tokenplus pages. For each of these pages, Admins can set first what counts as a page request to either Off, Every Page Request, or Failed Page Authentication, which will only occur whenever authentication fails for that particular page. Once that is set, Admins can select the "MAX_COUNT" variable which is the maximum number of attempts by the surfer before they are automatically redirected to the Throttling page; by default this is set to 5 attempts. Lastly, Admins can configure the "TIME_LIMIT" which is the amount of time, in seconds, to have NATS wait before clearing out prior attempts; by default this is set to 3600 seconds, or 1 hour. This means that by default, if a surfer attempts to use a page 5 times, that surfer would need to wait for 1 hour before they are able to attempt to use the same page again.

The pages that the surfer would be redirected to can be configured on a per site basis. To adjust the templates themselves, navigate to your sites admin and edit the templates for one of your sites. The template names are "throttling_security" and "throttling_security_mobile" for the regular and mobile versions, respectively. For further details in regards to using the Throttling system, please visit our wiki article here.

Argus NATS 4 and NATS 3
We are proud to announce the addition of the gateway biller Argus into both our NATS 3 and NATS 4 software. Argus has been added as a credit card processor through the NATS join page. In addition to joining through the NATS join page, Argus has been added to perform both Cross Sales and Upsells. To become a merchant with Argus, please visit them at their site here. If you would like to have Argus added to your NATS installation, please put in a support ticket. Once added to your NATs installation, please review our wiki articles on the configuration of Argus in NATS 3 here and in NATS 4 here.