Server API
Backend integrations should stay explicit about authentication, retries, timeouts, and how client identifiers are validated.Baseline checklist
- authenticate every request
- separate staging and production credentials
- log failures with enough context for support
- treat client-sent identifiers as inputs, not proof