> ## Documentation Index
> Fetch the complete documentation index at: https://developer.salesforge.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security best practices

> Protect API keys and reduce integration risk in production.

Follow these practices for production integrations.

## Protect secrets

* Store API keys in a secrets manager.
* Restrict secret access by environment and role.
* Avoid logging full keys.

## Limit blast radius

* Use separate keys for each environment and integration.
* Revoke compromised or unused keys immediately.

## Rotate keys

* Rotate on a fixed schedule.
* Rotate after team or vendor access changes.
* Test key rollover before revoking the old key.

## Validate failures safely

When troubleshooting auth failures:

* Check header format first.
* Confirm product and endpoint access requirements.
* Avoid sharing raw keys in tickets or chat.
