Each time that you log into FuseDesk, we’ll ask you to login using your email and password. For most users, this will be your InfusionsoftID and Infusionsoft Password.
The first time that you log into FuseDesk, we’ll also ask you for your Infusionsoft API Key which allows us to behind the scenes access your Infusionsoft app and save incoming emails on cases, notes on cases, run automation from cases and more.
All of your FuseDesk activity is sent over SSL. This activity includes logging in with your InfusionsoftID and password – and the first time that you login, your Encrypted Infusionsoft API Key.
Your actual password is never sent through to Infusionsoft. Only the encrypted version of your password is sent over to Infusionsoft to authenticate your account. At no time do we at FuseDesk log into any of your Infusionsoft apps using your InfusionsoftID or password from the login screen.
If you want to talk tech, your email password is sent to us via SSL, and an MD5 hashed version of your password is authenticated against your Infusionsoft app to verify that your InfusionsoftID and hashed password are valid. The hash can’t be used to log into an Infusionsoft app as you need the actual password to login.
You should, of course, always have a good, random, long, and unique password for everything you use, including Infusionsoft.