Security and Operational Best Practices

  • Use a unique API key per integration environment.
  • Rotate keys on a fixed cadence.
  • Revoke keys immediately on suspected leak.
  • Keep the webhook secret tightly controlled and rotate it periodically.
  • Keep message bodies free of high-risk secrets when possible.
  • Monitor queue backlog and retry rates.
  • Monitor status distribution (failed, blocked, retrying, unlinked).
  • Inspect DLQ entries during incidents.
  • Keep retry semantics idempotent in upstream callers.
  • Never share keys across tenants.
  • Scope all status checks to your own IDs.
  • Audit app logic so one tenant cannot query another tenant's artifacts.
  • Key leak: revoke key, issue replacement, rotate clients, verify auth failures on old key.
  • Telegram 429 spikes: inspect queue pressure and retry delay growth.
  • Phone verification drops: verify webhook health and contact-share UX path.
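The points above about idempotent retries, tenant-scoped status lookups, status-distribution monitoring and 429 backoff are illustrated together in the following added example. It is not code from this page or from the service it documents: the `transport` callable, the `RateLimited` exception with its `retry_after` field, the "delivered" status value and the alert thresholds are all assumptions made for the illustration, and the traffic in `demo()` is constructed.

```python
"""Added example (not the project's own code): an idempotent, tenant-scoped
sender with the monitoring signals the best-practices list asks for."""
import hashlib
import time
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Optional


class RateLimited(Exception):
    """Assumed transport error for an upstream 429 (e.g. Telegram) with its Retry-After."""

    def __init__(self, retry_after: float):
        super().__init__(f"rate limited, retry after {retry_after}s")
        self.retry_after = retry_after


@dataclass
class Delivery:
    message_id: str   # doubles as the idempotency key
    tenant_id: str
    status: str       # page statuses failed/blocked/retrying/unlinked; "delivered" is assumed here
    attempts: int


class TenantScopedStore:
    """Delivery records keyed by message id; every read is filtered by tenant."""

    def __init__(self) -> None:
        self._records: dict = {}

    def put(self, rec: Delivery) -> None:
        self._records[rec.message_id] = rec

    def get(self, tenant_id: str, message_id: str) -> Optional[Delivery]:
        rec = self._records.get(message_id)
        # A foreign tenant's record is indistinguishable from "not found":
        # the caller learns neither its status nor that it exists.
        if rec is None or rec.tenant_id != tenant_id:
            return None
        return rec

    def distribution(self, tenant_id: str) -> Counter:
        return Counter(r.status for r in self._records.values() if r.tenant_id == tenant_id)


def idempotency_key(tenant_id: str, recipient: str, body: str) -> str:
    """Deterministic id: the same logical message always maps to the same key,
    so a retrying upstream caller cannot create a second delivery."""
    raw = f"{tenant_id}\x00{recipient}\x00{body}".encode()
    return hashlib.sha256(raw).hexdigest()[:32]


class Sender:
    def __init__(self, transport: Callable, store: TenantScopedStore, sleep=time.sleep):
        self.transport = transport     # assumed: transport(message_id, recipient, body), raises RateLimited on 429
        self.store = store
        self.sleep = sleep
        self.retry_delays: List[float] = []   # observed backoff, for the "retry delay growth" signal

    def send(self, tenant_id: str, recipient: str, body: str, max_attempts: int = 3) -> Delivery:
        key = idempotency_key(tenant_id, recipient, body)
        prior = self.store.get(tenant_id, key)
        if prior is not None and prior.status == "delivered":
            return prior        # duplicate call from a retrying caller: no second send
        attempts, delay = 0, 0.0
        while attempts < max_attempts:
            attempts += 1
            try:
                self.transport(key, recipient, body)
                rec = Delivery(key, tenant_id, "delivered", attempts)
                self.store.put(rec)
                return rec
            except RateLimited as e:
                delay = max(e.retry_after, delay * 2)   # honour Retry-After, never shrink the backoff
                self.retry_delays.append(delay)
                self.store.put(Delivery(key, tenant_id, "retrying", attempts))
                self.sleep(delay)
        rec = Delivery(key, tenant_id, "failed", attempts)
        self.store.put(rec)
        return rec


def health_alerts(dist: Counter, backlog: int, max_backlog: int = 100, max_bad_ratio: float = 0.2) -> List[str]:
    """Turn the status distribution and queue backlog into alert strings (thresholds are assumptions)."""
    total = sum(dist.values()) or 1
    bad = sum(dist[s] for s in ("failed", "blocked", "retrying", "unlinked"))
    alerts = []
    if backlog > max_backlog:
        alerts.append(f"queue backlog {backlog} > {max_backlog}")
    if bad / total > max_bad_ratio:
        alerts.append(f"non-delivered ratio {bad / total:.0%} > {max_bad_ratio:.0%}")
    return alerts


def demo():
    """Constructed scenario: every message is 429'd once, one recipient is 429'd permanently."""
    tried = set()

    def transport(message_id, recipient, body):
        if recipient.endswith("9") or message_id not in tried:
            tried.add(message_id)
            raise RateLimited(retry_after=1.0)

    store = TenantScopedStore()
    sender = Sender(transport, store, sleep=lambda _seconds: None)
    for rcpt in ("+15550000001", "+15550000002", "+15550000009"):
        sender.send("tenant-a", rcpt, "verification code follows")
    sender.send("tenant-a", "+15550000001", "verification code follows")   # caller retry: no resend
    dist = store.distribution("tenant-a")
    return dist, health_alerts(dist, backlog=12), sender.retry_delays, store


if __name__ == "__main__":
    distribution, alerts, delays, _ = demo()
    print(dict(distribution), alerts, delays)
```

The store answers a cross-tenant lookup with `None` rather than an error so that the response cannot be used to probe which message ids exist for other tenants; the key derivation is what makes a caller's retry a no-op once the message has been delivered.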