Security guidance for Cancel Hansel API partners, focusing on API key handling, webhook verification, partner data handling, evidence integrity, and responsible integration.
Store API keys securely on the server side and avoid exposing them in browsers or client applications. Rotate keys regularly, revoke unused keys, and grant the minimum permissions needed for each integration.
Verify the x-cancel-hansel-signature header on all webhook payloads. Only trust events after successful signature validation to maintain evidence integrity and prevent unauthorized updates.
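One way to implement this check on the receiving server, as an added example that is not Cancel Hansel's own code. This page does not state the signing scheme, so the example assumes the header carries a hex-encoded HMAC-SHA256 of the raw request body keyed with a shared webhook secret; the function names, secret, and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-cancel-hansel-signature"  # header name from the guidance above


def verify_webhook(headers, raw_body, secret):
    """Return True only if the signature header matches the raw request body.

    ASSUMPTION: signature = hex(HMAC-SHA256(secret, raw_body)). Confirm the
    real algorithm and encoding in the partner documentation before use.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    received = normalised.get(SIGNATURE_HEADER)
    if not received or not isinstance(raw_body, bytes):
        return False  # missing header or already-parsed body: fail closed
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


def handle_webhook(headers, raw_body, secret):
    """Verify first, parse second; an unverified payload is never parsed."""
    if not verify_webhook(headers, raw_body, secret):
        return 401, None
    return 200, json.loads(raw_body)


# Constructed sample data (not real Cancel Hansel events or secrets).
SECRET = b"constructed-test-secret"
BODY = b'{"event": "booking.updated", "booking_ref": "TEST-0001"}'
GOOD_SIG = hmac.new(SECRET, BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(handle_webhook({"X-Cancel-Hansel-Signature": GOOD_SIG}, BODY, SECRET))
    print(handle_webhook({"X-Cancel-Hansel-Signature": GOOD_SIG}, BODY + b" ", SECRET))
```

Compute the HMAC over the exact bytes received, before any JSON parsing or re-serialisation, since a re-encoded body will not match the signature.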
Handle partner booking data with care. Use secure storage for booking references, avoid unnecessary duplication, and ensure partner data is processed only by authorized systems.
Cancel Hansel helps preserve structured evidence through protected booking records, webhook delivery tracking, and evidence packet generation. Preserve logs, timestamps, and audit records for operational accountability.
Log integration events, webhook deliveries, retries, and policy evaluation outcomes. Operational logging helps you troubleshoot issues and demonstrate consistent evidence workflow behavior.