Security Considerations
1. Protect Credentials
Never hardcode credentials in your application:

```javascript
// ❌ Bad: secrets end up in source control and in every build artifact
const credentials = {
  username: 'myusername',
  password: 'mypassword'
};

// ✅ Good: read them from the environment at runtime
const credentials = {
  username: process.env.API_USERNAME,
  password: process.env.API_PASSWORD
};
```
2. Validate Server Certificates
Ensure SSL/TLS certificates are properly validated:

```javascript
// In Node.js, using the node-fetch package (the `agent` option below is
// node-fetch's; the built-in global fetch does not accept it)
const https = require('https');
const fetch = require('node-fetch');
const agent = new https.Agent({
  rejectUnauthorized: true // Ensure this is true in production (it is the default;
                           // never set it to false to silence certificate errors)
});
const url = 'https://api.example.com/entities'; // placeholder endpoint
fetch(url, { agent });
```
3. Sanitize Input Data
When sending data to the API, sanitize and validate inputs:

```javascript
const sanitizeEntityUpdate = (data) => {
  // Remove any unexpected fields: copy only the allow-listed ones
  const allowedFields = ['displayName', 'attributes', 'metadata'];
  const sanitized = {};
  for (const field of allowedFields) {
    // Call the prototype method directly so the check still works when `data`
    // has no prototype or carries its own `hasOwnProperty` key
    if (Object.prototype.hasOwnProperty.call(data, field)) {
      sanitized[field] = data[field];
    }
  }
  return sanitized;
};
```
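The allow-list above only decides which top-level keys survive. The following added example (not code from the original page) extends it with per-field type checks, a guard against prototype-polluting keys inside the nested `attributes` and `metadata` objects, and an error list so the caller can reject a bad request rather than silently send a partial update; the field names follow the page, the expected types and length limit are assumptions.

```javascript
// Added example (not from the original page): allow-list plus per-field type
// checks for an entity update; field names follow the page, types are assumed.
const FIELD_RULES = {
  displayName: (v) => typeof v === 'string' && v.length > 0 && v.length <= 256,
  attributes: (v) => isPlainObject(v),
  metadata: (v) => isPlainObject(v),
};
// Never copied from input: they can pollute Object.prototype in merging code.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Copy a plain object recursively, dropping forbidden keys, bounding depth.
function copyPlain(obj, depth = 0) {
  if (depth > 8) throw new Error('object nesting too deep');
  const out = {};
  for (const key of Object.keys(obj)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = obj[key];
    out[key] = isPlainObject(value) ? copyPlain(value, depth + 1) : value;
  }
  return out;
}

// Returns { value, errors }: value has only allowed, well-typed fields; errors
// names each dropped field so the caller can reject the whole request.
function validateEntityUpdate(data) {
  const value = {};
  const errors = [];
  if (!isPlainObject(data)) {
    return { value, errors: ['body must be a JSON object'] };
  }
  for (const field of Object.keys(data)) {
    if (!Object.prototype.hasOwnProperty.call(FIELD_RULES, field)) {
      errors.push(`unexpected field: ${field}`);
      continue;
    }
    const v = data[field];
    if (!FIELD_RULES[field](v)) {
      errors.push(`invalid type for field: ${field}`);
      continue;
    }
    value[field] = isPlainObject(v) ? copyPlain(v) : v;
  }
  return { value, errors };
}
```

Feed it a parsed request body; when `errors` is non-empty, respond with a 400 instead of forwarding `value` to the API.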