API security, rate limits, idempotency, and support
Integration hardening practices for production-safe API clients.
Production integrations should enforce strict credential handling, predictable retry rules, and idempotent client behavior where supported.
Security and access controls
- Store credentials securely and rotate on incident or ownership changes.
- Use least-privilege scopes/roles for integration identities.
- Log request identifiers and error codes for traceable support escalation.
Rate-limit and idempotency guidance
- Handle 429 responses with controlled retry delay and backoff.
- Use idempotency keys where API workflows support them (for example chat send-message flows).
- Treat duplicate-submission risk explicitly in client design for order/payment-adjacent actions.
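The retry and idempotency rules above, sketched as an added example (not code from this API's documentation or SDK). The `Idempotency-Key` header name, the `transport` callable and the `FakeServer` test double are assumptions for illustration; `Retry-After` is the standard HTTP header.

```python
import random
import time
import uuid


def retry_delay(attempt, resp_headers, base=0.5, cap=30.0, rng=random.random):
    """Seconds to wait after the attempt-th consecutive 429 (1-based)."""
    hint = str(resp_headers.get("Retry-After", "")).strip()
    if hint.isdigit():
        # Server hint in delta-seconds wins, bounded by our own cap.
        return min(float(hint), cap)
    # No usable hint (absent or HTTP-date form): exponential backoff, full jitter.
    return rng() * min(cap, base * 2 ** (attempt - 1))


def send_with_retry(transport, payload, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Send payload, retrying only on 429 and reusing one idempotency key.

    transport(payload, headers) -> (status, headers, body) is a hypothetical
    stand-in for the real HTTP client call.
    """
    # One key per logical operation, created once, so a retry of a request the
    # server already processed is recognised as a duplicate, not a new action.
    headers = {"Idempotency-Key": str(uuid.uuid4())}  # header name is an assumption
    waits = []
    for attempt in range(1, max_attempts + 1):
        status, resp_headers, body = transport(payload, headers)
        if status != 429:
            return {"status": status, "body": body, "attempts": attempt, "waits": waits}
        if attempt < max_attempts:
            waits.append(retry_delay(attempt, resp_headers, rng=rng))
            sleep(waits[-1])
    # Retry budget exhausted: surface the failure instead of looping forever.
    return {"status": 429, "body": None, "attempts": max_attempts, "waits": waits}


class FakeServer:
    """Constructed test double: two 429s, then 200; records the key of each call."""

    def __init__(self):
        self.responses = [(429, {"Retry-After": "2"}), (429, {}), (200, {})]
        self.keys_seen = []

    def __call__(self, payload, headers):
        self.keys_seen.append(headers["Idempotency-Key"])
        status, resp_headers = self.responses[min(len(self.keys_seen), 3) - 1]
        return status, resp_headers, {"echo": payload} if status == 200 else None
```

Only 429 is retried here; other error statuses are returned to the caller, which should log the request identifier and error code as described under security and access controls.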
Technical support expectations
- Share endpoint, request ID, timestamp, and sanitized payload when reporting issues.
- Include environment, expected behavior, and observed behavior in every ticket.
Good observability and deterministic retry behavior are the fastest path to stable integrations.