This section describes practices for getting best results with the Secure Edge Portal REST API.
- Give each integration its own API key and use descriptive names that indicate which key goes with each integration. This ensures that if an API key is compromised, you can delete that key without disabling access to rest of your integrations.
- If you need to share an API key, create a new key instead and name it descriptively so it can be deleted if necessary.
- Never email an API key. If your email account is compromised, it could result in unauthorized access to your Secure Edge Portal account.
- Don’t expose any API key to the public (for example, in screenshots, videos, or documentation). Blurring your data isn’t always enough. It’s best to use "cut" functions in your graphics program to remove the data completely.
- Access to each API endpoint is determined by the role of the user who created the API key. For fine-grained access control to the APIs, create a separate user account with desired permissions and use that account to create the API key.
- Always check for errors and exceptions. If an API call returns an error, log the call in as much detail as you can, including what you sent along with the entire error response and headers.
- Frequent API calls (such as to check status) can slow your application. We recommend that you sync only new data and cache frequently used values that do not change often.