As this API requires you to use access tokens, there are some security best practices you should implement as part of your integration.
The client Id and client secret are, in effect, very similar to a username and password for a website, so you should take the same precautions when storing them.
We recommend you take the following into consideration:
- Client Ids and Secrets should be encrypted before being persisted in a database
- Client Ids and Secrets should not be shared among different users
- Client Ids and Secrets should not be exposed publicly
Once generated, access tokens are a gateway into acting on behalf of a host on the Plum Guide platform. They give you temporary access to manipulate listings and gather information from the host.
Due to this, we recommend you take the following into consideration:
- Do not send tokens over non-HTTPS connections as those requests can be intercepted and tokens can be compromised.
- Access tokens should not be exposed publicly
- Access tokens should not be shared among different users
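
The storage and transport recommendations above, as an added example that is not part of the Plum Guide documentation: a client secret is encrypted with AES-256-GCM before it is written to a database and bound to its owning user, and a token is only attached to HTTPS requests. The function names, the in-process key, the `ownerId` values and the `Bearer` header format are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: in production the 32-byte key comes from a KMS or secret manager,
// never from the database that holds the ciphertext. Generated here so the
// example runs on its own.
const KEY = nodeCrypto.randomBytes(32);

// Encrypt one credential. ownerId is bound as additional authenticated data,
// so a record copied onto another user's row fails to decrypt.
function sealCredential(plaintext, ownerId, key = KEY) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(ownerId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored form: iv (12) || tag (16) || ciphertext, base64 for a text column.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function openCredential(stored, ownerId, key = KEY) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('stored credential is truncated');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(ownerId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, the owner or the ciphertext does not match.
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Refuse to attach an access token to anything but an https:// URL.
// Assumption: the token is sent as a Bearer Authorization header.
function authHeadersFor(url, accessToken) {
  if (new URL(url).protocol !== 'https:') {
    throw new Error('refusing to send access token over a non-HTTPS connection');
  }
  return { Authorization: `Bearer ${accessToken}` };
}
```

Only the output of `sealCredential` should reach the database; the plaintext secret and the key stay out of logs and source control.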