Security best practices for ZIS integrations
ZIS provides a range of security options to help you ensure your sensitive information stays secure. When creating a ZIS integration, follow these best practices to protect your private data and reduce the risk of a security breach.
Build in a test account
Build and test your integration in a sponsored test account before running it in a customer account. This helps prevent accidental data leaks.
Store credentials in connections
Don't store credentials, secrets, or other sensitive information in:
These resources aren't encrypted and are accessible using ZIS APIs. Depending on your integration, data in a ZIS config or ZIS link may be accessible in connected systems. To store credentials for use in a ZIS flow, use connections instead.
Don't log sensitive information
Don't include sensitive information in:
- A Succeed
state's
Message
value - A Fail
state's
Cause
value
ZIS outputs these values to the integration logs. Integration logs are accessible to all admins for the Zendesk account.
Verify requests from ZIS
If able, use ZIS JSON Web Tokens (JWTs) to verify HTTP requests from your integration to third-party systems. This helps ensure the requests are legitimate. See Verifying requests with JWTs.