{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Important conventions, best practices, and next steps","meta":[{"name":"robots","content":"noindex"}],"llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"important-conventions-best-practices-and-next-steps","__idx":0},"children":["Important conventions, best practices, and next steps"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Here are some important conventions to remember while working with Spotnana APIs:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Send and receive API requests and responses in ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["application/json"]}," format."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["All requests require ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Authorization: Bearer <access_token>"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Be sure to store the UUID values returned when creating resources on the platform (e.g., creating a new user)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["All update APIs (e.g., update a user profile) require you to send the complete object."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["See ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/spotnana/error_handling"},"children":["error handling"]}," to learn more about standard HTTP error codes."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"security-and-best-practices","__idx":1},"children":["Security and best 
practices"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The following are some important security recommendations and best practices:"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"credential-management","__idx":2},"children":["Credential management"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Store credentials in secure vaults (e.g., AWS Secrets Manager, HashiCorp Vault)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Never commit credentials to source code repositories."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use environment variables for configuration."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Rotate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["clientSecret"]}," regularly (we recommend every 90 days)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use separate credentials for sandbox and production."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"access-controls","__idx":3},"children":["Access controls"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Implement IP-based access controls where possible."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use least-privilege access principles."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Review and audit access permissions regularly."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"logging-and-monitoring","__idx":4},"children":["Logging and monitoring"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Log all API requests and webhook receipts, but redact access tokens and client secrets from the logs."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Monitor for unusual access patterns."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Set up 
alerts for authentication failures."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Maintain audit trails for compliance."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"incident-response","__idx":5},"children":["Incident response"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Develop a security incident response plan."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Know how to contact the Spotnana integration team."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Document security incidents and resolutions."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"what-to-do-next","__idx":6},"children":["What to do next?"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Explore the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/"},"children":["API developer documentation"]}," to better understand the full capabilities of the APIs. 
Refer to the following sections for more specific information:",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/spotnana/concepts_intro"},"children":["Concepts"]}," to learn more about the terminology used on the platform (e.g., What's a trip?)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/spotnana/user_workflow_intro"},"children":["Workflows"]}," to understand the complete list of integrations you can build using the APIs."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/guides/guides-landing-page"},"children":["Guides"]}," to get more details on a specific feature and read instructions on how to use it."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/openapi/authapi"},"children":["API reference"]}," to view the complete schema along with samples for all the APIs."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Set up ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/webhooks/webhook-main-intro"},"children":["webhooks"]}," if you need event-driven updates delivered to your custom endpoint. 
See ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/openapi/webhookeventapi/webhooks"},"children":["webhook reference"]}," for the list of events we currently support."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/releases/changelog"},"children":["changelog"]}," to track updates made to our APIs."]}]}]},"headings":[{"value":"Important conventions, best practices, and next steps","id":"important-conventions-best-practices-and-next-steps","depth":1},{"value":"Security and best practices","id":"security-and-best-practices","depth":2},{"value":"Credential management","id":"credential-management","depth":3},{"value":"Access controls","id":"access-controls","depth":3},{"value":"Logging and monitoring","id":"logging-and-monitoring","depth":3},{"value":"Incident response","id":"incident-response","depth":3},{"value":"What to do next?","id":"what-to-do-next","depth":2}],"frontmatter":{"seo":{"title":"Important conventions, best practices, and next steps"}},"lastModified":"2026-04-22T17:33:23.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/integration/api/api-next-steps","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}