Best Practices
Recommended practices for secure authentication
1. Secure Storage
```javascript
// ✅ Correct - use environment variables
const hmacSecret = process.env.HMAC_SECRET;

// ❌ Wrong - store in code
const hmacSecret = 'my-secret-key-123';
```

2. Error Handling
```javascript
async function makeAuthenticatedRequest(endpoint, data) {
  try {
    const timestamp = Math.floor(Date.now() / 1000);
    const signature = generateSignature(/* ... */);

    const response = await fetch(endpoint, {
      method: 'POST',
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'X-Awal-Signature-256': signature,
        'X-Timestamp': timestamp.toString(),
        'X-Domain': process.env.WORKSPACE_DOMAIN,
        'X-Client-ID': process.env.CLIENT_ID,
      },
      body: JSON.stringify(data),
    });

    if (!response.ok) {
      const error = await response.json();
      throw new Error(`API Error: ${error.message}`);
    }

    return await response.json();
  } catch (error) {
    console.error('Request error:', error);
    throw error;
  }
}
```
3. Caching
Tip: Don't cache signatures. Generate a new signature for each request.
```javascript
// ✅ Correct - new signature for each request
const signature1 = generateSignature(/* ... */);
await makeRequest(signature1);

const signature2 = generateSignature(/* ... */);
await makeRequest(signature2);

// ❌ Wrong - reusing signature
const signature = generateSignature(/* ... */);
await makeRequest(signature);
await makeRequest(signature); // will fail
```
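The page does not say why a reused signature fails, so the following is an added example (not code from this API or its documentation) of one common server-side design that produces that behaviour: the signature is bound to `X-Timestamp`, checked against a freshness window, and remembered until it expires. The signed-string format, the `sha256=` prefix, the 300-second window, the parameters of `generateSignature`, and the names `createVerifier` and `demo` are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// ASSUMPTION: the signed string is "<timestamp>.<raw body>" and the header value
// is "sha256=<hex>". The page does not document the real format.
function generateSignature(secret, timestamp, body) {
  const mac = crypto.createHmac('sha256', secret).update(`${timestamp}.${body}`);
  return 'sha256=' + mac.digest('hex');
}

// Hypothetical server-side check: freshness window, constant-time compare, replay cache.
function createVerifier(secret, maxSkewSeconds = 300) {
  const seen = new Map(); // signature -> epoch second after which it is stale anyway
  return function verify({ signature, timestamp, body }, now = Math.floor(Date.now() / 1000)) {
    for (const [sig, expiry] of seen) if (expiry < now) seen.delete(sig);
    const ts = Number(timestamp);
    if (!Number.isInteger(ts) || Math.abs(now - ts) > maxSkewSeconds) return 'stale';
    const expected = Buffer.from(generateSignature(secret, ts, body));
    const given = Buffer.from(String(signature));
    // timingSafeEqual throws on unequal lengths, so compare lengths first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return 'bad-signature';
    }
    if (seen.has(signature)) return 'replayed';
    seen.set(signature, ts + maxSkewSeconds);
    return 'ok';
  };
}

// Constructed demo input; real code reads the secret from process.env.HMAC_SECRET.
function demo() {
  const secret = 'constructed-demo-secret';
  const verify = createVerifier(secret);
  const now = 1700000000;
  const body = JSON.stringify({ amount: 10 });
  const fresh = { signature: generateSignature(secret, now, body), timestamp: String(now), body };
  return [
    verify(fresh, now),                                                 // first use
    verify(fresh, now + 1),                                             // same headers sent again
    verify(fresh, now + 900),                                           // cached and sent much later
    verify({ ...fresh, timestamp: String(now + 900) }, now + 900),      // cached signature, new timestamp
  ];
}

console.log(demo());
```

With second-resolution timestamps, two identical bodies signed in the same second produce the same signature under this assumed format; adding a per-request nonce to the signed string avoids that collision.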