Security best practices for ZIS integrations
ZIS provides a range of security options to help you ensure your sensitive information stays secure. When creating a ZIS integration, follow these best practices to protect your private data and reduce the risk of a security breach.
Build and test your integration in a sponsored test account before running it in a customer account. This helps prevent accidental data leaks.
Don't store credentials, secrets, or other sensitive information in:
These resources aren't encrypted and are accessible using ZIS APIs. Depending on your integration, data in a ZIS config or ZIS link may be accessible in connected systems. To store credentials for use in a ZIS flow, use connections instead.
Don't include sensitive information in:
ZIS outputs these values to the integration logs. Integration logs are accessible to all admins for the Zendesk account.
If able, use ZIS JSON Web Tokens (JWTs) to verify HTTP requests from your integration to third-party systems. This helps ensure the requests are legitimate. See Verifying requests with JWTs.