ZIS provides a range of security options to help you ensure your sensitive information stays secure. When creating a ZIS integration, follow these best practices to protect your private data and reduce the risk of a security breach.

Build in a test account

Build and test your integration in a sponsored test account before running it in a customer account. This helps prevent accidental data leaks.

Store secrets in ZIS connections

Don't store secrets or sensitive information in:

These resources aren't encrypted and are accessible using ZIS APIs. Depending on your integration, data in a ZIS config or ZIS link may be accessible in connected systems. To store secrets for use in a ZIS flow, use ZIS connections instead.

Don't log sensitive information

Don't include sensitive information in:

ZIS outputs these values to the integration logs. Integration logs are accessible to all admins for the Zendesk account.

Verify requests from ZIS

If able, use ZIS JSON Web Tokens (JWTs) to verify HTTP requests from your integration to third-party systems. This helps ensure the requests are legitimate. See Verifying requests with JWTs.