Livestorm’s REST API provides 2 authentication methods: private API tokens and OAuth2. The API token authentication method is available to all validated Livestorm customers who want to build private apps, automate processes, and collect engagement data. The OAuth2 authentication method is only available for Technology Partners who want to build public integrations with Livestorm.
Make sure that you never use your API token/access token publicly on a frontend page. Any tech-savvy user could check the console and network monitoring, retrieve your API token and make malicious API calls on your behalf.
Double-check that no untrusted peer or system has direct access to your API token or client ID/secret. Also, avoid logging API calls with your API token in plain sight in your backend or monitoring system. Make sure that the source code that uses your API token is private and cannot be accessed publicly. If you're using version control software (e.g Git, SVN, etc.), make sure that your repository is only accessible to trusted stakeholders.
We recommend storing your API tokens and OAuth2 client ID/secret in environment variables instead of hardcoding them in variables.
Finally, don't hesitate to regularly re-generate a new API token. If one of your systems was subject to a data leak or anyone got access to your API tokens, we strongly advise you to re-generate your API token(s).
Updated 6 months ago