---
title: Connection and security
description: No sensitive user data is collected by the PingDataMetrics server and stored in the DBMS. If secure access to the PingDataMetrics server REST API is required, enable secure HTTPS connections and require authentication.
component: pingdirectory
version: 9.3
page_id: pingdirectory:pingdatametrics_server_administration_guide:pd_met_connection_security
canonical_url: https://docs.pingidentity.com/pingdirectory/9.3/pingdatametrics_server_administration_guide/pd_met_connection_security.html
revdate: September 13, 2023
---

# Connection and security

No sensitive user data is collected by the PingDataMetrics server and stored in the DBMS. If secure access to the PingDataMetrics server REST API is required, enable secure HTTPS connections and require authentication.

If not configured during setup, you can enable a secure HTTPS Connection Handler and authentication using `dsconfig`.

|   |                                                                                                                                                                                                                                                                                                                                                                                                          |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | By default, the PingDataMetrics server can open up to 20 simultaneous database connections. The HTTP Connection handler that runs the REST API servlet has a default value of 15 connections. If the PingDataMetrics server receives requests through multiple HTTP Connection Handlers, make sure that the total number of request handlers does not exceed the maximum number of database connections. |

When authentication is enabled, the REST API service requires HTTP basic authentication. Requests are authenticated against entries in the `api-users` LDIF backend, or entries in `cn=Root DNs,cn=config`. Root distinguished name (DN) users have many privileges by default. To restrict access, authenticate with users in the `api-users` backend instead, to prevent the unnecessary use of more privileged account credentials.