Follow these guidelines for a secure and efficient integration.
DO: Never expose API keys
Store keys in environment variables, not in code
DO: Use HTTPS only
All API requests must use HTTPS
DO: Rotate keys regularly
Change your API keys every 90 days
DON'T: Share keys in Slack/email
Never share keys in insecure channels
DO: Implement caching
Cache country and service lists
DO: Use webhooks
Prefer webhooks over polling for SMS
DON'T: Poll too frequently
Respect rate limits (max 10 req/sec)
DO: Implement retries
Use exponential backoff for failures
DO: Handle all errors
Check response status codes
DO: Log request IDs
Store request IDs for debugging
DON'T: Ignore errors
Always handle error responses
DO: Implement timeouts
Set reasonable timeout values
| Endpoint | Limit |
|---|---|
| GET requests | 100/minute |
| POST requests | 30/minute |
| SMS polling | 10/second |
| Bulk operations | 5/minute |