Dev Portal
๐ Security Best Practices
Keep your integrations and user data safe by following AppVerse security guidelines.
๐ง API Key Management
- Store keys in secure backend environments only.
- Never expose them in frontend or client apps.
- Rotate credentials regularly (at least every 90 days).
- Use read-only keys where possible.
๐ HTTPS & Encryption
- All API requests must use HTTPS.
- Reject any non-TLS (HTTP) connections.
- Encrypt sensitive data in transit and at rest.
- Use TLS 1.2+ with modern cipher suites.
๐งพ Webhook Security
- Validate incoming webhook signatures using your secret key.
- Respond quickly with 2xx codes to acknowledge events.
- Use a separate webhook signing secret for each environment.
๐ฅ Access Control
- Follow the principle of least privilege (PoLP).
- Use role-based access for team members.
- Revoke unused or compromised credentials immediately.
๐ก๏ธ Additional Recommendations
- Enable two-factor authentication (2FA) on all accounts.
- Use environment variables or secure vaults for sensitive data.
- Regularly review API usage logs for suspicious activity.
- Subscribe to AppVerse security updates and advisories.
๐งฉ Report a Security Issue
If you believe you've discovered a vulnerability or security issue, please report it responsibly.
Report via EmailWe appreciate responsible disclosure and respond within 48 hours.