Developer API security best practices

Protect tokens, use separate connections, keep logs, and avoid cross-company mistakes.

Use separate connections

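Create a separate connection for each integration: n8n, website, online store, and delivery partner. Each connection then has its own token and its own log entries, so the logs show which integration made a request and you can pause or regenerate one token without affecting the others.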

Protect tokens

  1. Never place API tokens in public browser JavaScript.
  2. Store tokens only in server-side code or secure automation credentials.
  3. Regenerate a token immediately if it is exposed.
  4. Use idempotency keys for order creation and payment updates.

Company isolation rule

Do not trust company_id from external payloads. BOS already resolves the company from the connection itself.
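
The token, idempotency and company isolation rules above, combined in one server-side request builder. This is an added example, not Kasaloma's or BOS's own code: the environment variable scheme (BOS_TOKEN_<CONNECTION>), the Authorization and Idempotency-Key header names, and the external_ref field are assumptions made for illustration.

```python
import hashlib
import json
import os

# Hypothetical names: the env-var scheme, header names and payload fields are
# assumptions for illustration, not the documented BOS API.
UNTRUSTED_TENANT_FIELDS = {"company_id"}


def load_token(connection, env=os.environ):
    """Read the per-connection token from server-side configuration only."""
    token = env.get(f"BOS_TOKEN_{connection.upper()}")
    if not token:
        raise RuntimeError(f"no token configured for connection {connection!r}")
    return token


def idempotency_key(connection, external_ref):
    """Derive a stable key so a retried delivery maps to the same order."""
    digest = hashlib.sha256(f"{connection}:{external_ref}".encode()).hexdigest()
    return digest[:32]


def build_order_request(connection, payload, env=os.environ):
    """Build headers and body for an order-creation call from untrusted input."""
    if not payload.get("external_ref"):
        raise ValueError("external_ref is required to derive an idempotency key")
    # Drop tenant identifiers supplied by the caller: the company is decided by
    # the connection the token belongs to, never by the payload.
    body = {k: v for k, v in payload.items() if k not in UNTRUSTED_TENANT_FIELDS}
    headers = {
        "Authorization": f"Bearer {load_token(connection, env)}",
        "Idempotency-Key": idempotency_key(connection, payload["external_ref"]),
        "Content-Type": "application/json",
    }
    return headers, json.dumps(body, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample input: a storefront order carrying a spoofed company_id.
    env = {"BOS_TOKEN_ONLINE_STORE": "example-token-not-real"}
    order = {"external_ref": "web-1001", "company_id": 999, "total": "25.00"}
    headers, body = build_order_request("online_store", order, env)
    print(headers["Idempotency-Key"], body)
```

Because the key is derived from the connection name and the source system's own order reference, a retried delivery of the same order produces the same key, while the same reference arriving through a different connection does not collide.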
