Security best practices for ZIS integrations

ZIS provides a range of security options to help you ensure your sensitive information stays secure. When creating a ZIS integration, follow these best practices to protect your private data and reduce the risk of a security breach.

Build in a test account

Build and test your integration in a sponsored test account before running it in a customer account. This helps prevent accidental data leaks.

Store credentials in connections

Don't store credentials, secrets, or other sensitive information in:

These resources aren't encrypted and are accessible using ZIS APIs. Depending on your integration, data in a ZIS config or ZIS link may be accessible in connected systems. To store credentials for use in a ZIS flow, use connections instead.

Don't log sensitive information

Don't include sensitive information in:

A Succeed state's Message value
A Fail state's Cause value

ZIS outputs these values to the integration logs. Integration logs are accessible to all admins for the Zendesk account.

Verify requests from ZIS

If able, use ZIS JSON Web Tokens (JWTs) to verify HTTP requests from your integration to third-party systems. This helps ensure the requests are legitimate. See Verifying requests with JWTs.

Getting Started

Developer Guide

Integration design guidelines

Zendesk Integration Services examples

Zendesk Integration Services tutorials

Security best practices for ZIS integrations

Build in a test account

Store credentials in connections

Don't log sensitive information

Verify requests from ZIS