Best Practices

REST-first integration guides aligned with the live Xaqiiji API contract.

Security Best Practices

Never expose API keys

Use backend-only requests

Rotate keys

Verify webhook signatures

Use test keys for development

Implement audit logging

Set HTTP timeouts

Use Idempotency-Key

Avoid retry storms

Monitor latency

Separate sandbox and production keys.

Keep verification calls on trusted servers.

Use webhook signature verification.

Capture requestId and referenceId in logs.

Review errors and rate limits before going live.

OpenAPI Specification

Was this page helpful?