Here are some important conventions to remember while working with Spotnana APIs:
- Send and receive API requests and responses in `application/json` format.
- All requests require `Authorization: Bearer <access_token>`.
- Be sure to store the UUID values returned when creating resources on the platform (e.g., creating a new user).
- All update APIs (e.g., update a user profile) require you to send the complete object.
- See error handling to learn more about standard HTTP error codes.
The following are some important security recommendations and best practices:
- Store credentials in secure vaults (e.g., AWS Secrets Manager, HashiCorp Vault).
- Never commit credentials to source code repositories.
- Use environment variables for configuration.
- Rotate the `clientSecret` regularly (we recommend every 90 days).
- Use separate credentials for sandbox and production.
- Implement IP-based access controls where possible.
- Use least-privilege access principles.
- Review and audit access permissions regularly.
- Log all API requests and webhook receipts.
- Monitor for unusual access patterns.
- Set up alerts for authentication failures.
- Maintain audit trails for compliance.
- Develop a security incident response plan.
- Know how to contact the Spotnana integration team.
- Document security incidents and resolutions.
- Explore the API developer documentation to better understand the full capabilities of the APIs. Refer to the following sections for more specific information:
- Concepts to learn more about the terminology used on the platform (e.g., What's a trip?).
- Workflows to understand the complete list of integrations you can build using the APIs.
- Guides to get more details on a specific feature and read instructions on how to use it.
- API reference to view the complete schema along with samples for all the APIs.
- Set up webhooks if you need event-driven updates delivered to your custom endpoint. See webhook reference for the list of events we currently support.
- Use the changelog to track updates made to our APIs.
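
The conventions and security recommendations above can be combined in a small client-side helper. This is an added example, not Spotnana's own code: the environment variable name `SPOTNANA_ACCESS_TOKEN`, the alert threshold, and the profile field names used with it are assumptions made for illustration.

```python
import os
from datetime import datetime, timedelta, timezone

ROTATION_MAX_AGE = timedelta(days=90)  # rotation interval recommended on this page

def build_headers(env=os.environ):
    """Build request headers from the environment; the token is never hard-coded."""
    token = env.get("SPOTNANA_ACCESS_TOKEN")  # assumed variable name
    if not token:
        raise RuntimeError("SPOTNANA_ACCESS_TOKEN is not set")
    return {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"Bearer {token}",
    }

def redact(headers):
    """Return a copy of the headers that is safe to write to a request log."""
    return {k: ("Bearer [REDACTED]" if k.lower() == "authorization" else v)
            for k, v in headers.items()}

def full_update_body(current, changes):
    """Update APIs need the complete object: merge changes into the fetched one.

    The merge is recursive, so changing one nested field does not drop its
    siblings from the body that is sent back. `current` is left unmodified.
    """
    merged = dict(current)
    for key, value in changes.items():
        if isinstance(value, dict) and isinstance(current.get(key), dict):
            merged[key] = full_update_body(current[key], value)
        else:
            merged[key] = value
    return merged

def secret_needs_rotation(created_at, now=None):
    """True once the clientSecret is 90 days old or older."""
    now = now or datetime.now(timezone.utc)
    return now - created_at >= ROTATION_MAX_AGE

def auth_failure_alert(status_codes, threshold=3):
    """True when the logged responses hold `threshold` or more 401/403 results."""
    return sum(1 for s in status_codes if s in (401, 403)) >= threshold
```

Fetch the resource by its stored UUID, pass the response to `full_update_body` with only the fields you want to change, and send the result as the update request body; log `redact(headers)` rather than the raw headers.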