Each time that you log into FuseDesk, we’ll ask you to login using your InfusionsoftID and Infusionsoft Password.
The first time that you log into FuseDesk, we’ll also ask you for your Infusionsoft API Key which allows us to behind the scenes access your Infusionsoft app and save incoming emails on cases, notes on cases, run automation from cases and more.
All of your FuseDesk activity is sent over SSL. This activity includes logging in with your InfusionsoftID and password – and the first time that you login, your Encrypted Infusionsoft API Key.
Your actual password is never sent to us. It’s one-way encrypted in your browser and we send that encrypted version of your password over to Infusionsoft to authenticate your account. At no time do we at FuseDesk have access to your Infusionsoft password used during login, nor can we log into any of your Infusionsoft apps using your InfusionsoftID or password from the login screen. Your actual password is simply never sent to us nor are your login details stored in any way on our end.
If you want to talk tech, your password is on-way hashed using the MD5 algorithm, sent to us via SSL, which in turn is authenticated against your Infusionsoft app to verify that your InfusionsoftID and hashed password are valid. The hash can’t be used to log into an Infusionsoft app as you need the actual password to login.
View our login source code. Sniff your browser traffic if you like. You’ll see us MD5 your password and in the HTTPS traffic, you’ll see the one-way encrypted password being sent to us!
You should, of course, have a good, random, long, and unique password for everything you use, including Infusionsoft.