Store keys securely
Keep API keys in environment variables or a secret manager. Never commit keys to version control or embed them in client-side code.
Handle errors gracefully
- Retry on 429 and 5xx: these are transient errors. Use exponential backoff.
- Do not retry on 4xx (except 429): these indicate issues that require a code change.
- Check error codes programmatically: match on codes like NOT_A_MEMBER or LINK_NOT_FOUND rather than parsing message strings.
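The retry policy above as an added Python sketch; it is not code from the API's own documentation or SDK. The `send` transport hook, the `code` field name in the error body, the `RATE_LIMITED` code, the use of a `Retry-After` header and the status paired with `LINK_NOT_FOUND` are assumptions, and the responses are constructed samples.

```python
import random
import time


class ApiError(Exception):
    """Non-retryable failure, or retries exhausted. Match on .code, not the message."""
    def __init__(self, status, code):
        super().__init__(f"HTTP {status} ({code})")
        self.status, self.code = status, code


def is_retryable(status):
    # 429 and 5xx are transient; any other 4xx needs a code change.
    return status == 429 or 500 <= status <= 599


def backoff_delay(attempt, retry_after=None, base=0.5, cap=30.0):
    # Honour a numeric Retry-After header if one was sent (assumption: the page
    # does not say whether this API sends it); otherwise use full jitter.
    try:
        return max(0.0, min(float(retry_after), cap))
    except (TypeError, ValueError):
        return random.uniform(0, min(cap, base * 2 ** attempt))


def call_with_retry(send, max_attempts=5, sleep=time.sleep):
    """send() is a hypothetical transport hook returning (status, headers, body)."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if 200 <= status < 300:
            return body
        code = (body or {}).get("code", "UNKNOWN")  # field name "code" is assumed
        if not is_retryable(status) or attempt == max_attempts - 1:
            raise ApiError(status, code)
        sleep(backoff_delay(attempt, headers.get("Retry-After")))


def scripted(responses):
    """Constructed stand-in for the network: replays canned responses in order."""
    it = iter(responses)
    return lambda: next(it)


if __name__ == "__main__":
    flaky = scripted([(429, {"Retry-After": "1"}, {"code": "RATE_LIMITED"}),
                      (503, {}, None),
                      (200, {}, {"items": [], "hasMore": False})])
    print(call_with_retry(flaky, sleep=lambda s: print(f"sleep {s:.2f}s")))
    try:
        call_with_retry(scripted([(404, {}, {"code": "LINK_NOT_FOUND"})]))
    except ApiError as e:
        print("not retried:", e.status, e.code)
```

Capping attempts and adding jitter keeps a fleet of clients from retrying in lockstep after a shared outage.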
Use pagination
Do not assume all results fit in a single page. Always check the hasMore field and iterate through pages when processing large datasets.
See Pagination for details.
Plan for key rotation
Design your integration so that API key rotation causes no downtime. Store the key in a single, easily updatable location (environment variable, secret manager) so rotating it requires only one change.
Handle presigned URLs correctly
Recording resource endpoints (video, thumbnail, console log, network log, action) return presigned URLs that expire after a limited time. Always fetch these URLs on demand and do not cache or persist them. See Recording Resources for details.
Understand soft deletes
Deleted recordings and links return 410 Gone rather than 404 Not Found. This confirms the resource previously existed but has been removed. Handle both status codes appropriately in your integration.
CORS considerations
The public API endpoints allow requests from any origin (Access-Control-Allow-Origin: *) with credentials disabled. The API is designed for server-to-server usage. Avoid making API calls directly from customer-facing browser applications.
Related
Rate Limits
Rate limit thresholds and retry strategies
Error Handling
Error codes and response format reference
Authentication
Secure your API requests with Bearer tokens
Recording Resources
Handle presigned URLs for recording assets