LogoLogo
  • Introduction to Unizen
    • Unizen Overview
      • Unizen Liquidity Distribution Mechanism (ULDM)
        • ULDM Performance
      • Unizen Interoperability Protocol (UIP)
        • LayerZero
        • DeBridge
        • Stargate
        • Celer
        • Axelar
        • Thorchain
    • Unizen Dashboard
      • General
      • Portfolio
      • History
    • Unizen Trade
      • Fees
    • Unizen Explore
      • Unizen Omni-Chain Data Pool
    • Unizen Earn
  • ZCX
    • Token Utility
    • Tokenomics
  • API - Introduction
    • Introduction
    • Before you get started
      • Understanding Price Impact and Price Slippage in Token Swaps
      • Token Allowance Management for Non-updatable Allowance Tokens
      • Tokens with taxes
      • Wrapping and Unwrapping Native Tokens
      • Quote expiration deadline
    • Security Best Practices for Integrating Unizen
      • Why disable CORS
      • How to integrate with a reverse proxy
    • Version 2 of our smart contracts
      • Migration to smart contract v2
  • API - GET STARTED
    • QuickStart guide
    • Swagger
    • Information endpoints
      • GET /trade/v1/info/chains
      • GET /trade/v1/info/sources
      • GET/v1/info/cross-providers
      • GET /trade/v1/info/token/search
      • GET /v1/info/token/popular
      • GET /trade/v1/info/token/{chainId}/{tokenAddress}
      • GET /trade/v1/info/tokenLogo/{chainId}/{tokenAddress}
      • GET /info/thorchain-inbound-address
      • GET /trade/v1/info/tx/{txHash}
      • GET /trade/v1/info/trade/{chainId}/{txHash}
      • GET /trade/v1/info/trades
    • Approval
      • GET /trade/v1/{chainId}/approval/spender
      • GET /trade/v1/{chainId}/approval/transaction
      • GET /trade/v1/{chainId}/approval/allowance
    • Single-Chain Swap
      • GET /trade/v1/{chainId}/quote/single
      • GET /trade/v1/{chainId}/swap/single
      • Send transaction in evm chains
      • Send transaction in Solana
    • Cross-Chain Swap
      • GET /trade/v1/{chainId}/quote/cross
      • GET /trade/v1/{chainId}/swap/cross
      • Send transaction
    • Gasless orders
      • POST /trade/v1/gasless/typed-data
      • POST /v1/gasless/estimate
      • POST /v1/gasless/create
      • POST /v1/gasless/cancel
      • GET /trade/v1/gasless/status/{orderId}
      • GET /v1/gasless/orderByAddress/{address}
    • UTXO Assets and Cosmos Swap
      • GET /trade/v1/{chainId}/quote/cross 1
      • GET /trade/v1/{chainId}/swap/cross
      • Sending transactions
    • Efficient Quote Retrieval with Batch Processing
      • GET /trade/v1/{chainId}/batch_quote/single
    • Error Messages
  • GASLESS TRADES
    • Obtaining gasless quotes
    • Gas estimation
    • Executing the trade
    • Following the orders
  • On-Chain Contracts - Get Started
    • Integration with Unizen Contracts for Token Swapping
    • Registering Errors on Smart Contract Calls
  • PERMIT2
    • What is Permit2?
    • Usage in our api
  • WIDGET - Get Started
    • Embed the Unizen Widget
    • Playground
  • Other
    • Smart Contracts
    • Security Audits
    • Roadmap
  • links
    • Unizen
    • Marketing Website
    • Medium
    • Twitter
    • Discord
    • Telegram
Powered by GitBook
On this page

Was this helpful?

  1. API - Introduction

Security Best Practices for Integrating Unizen

Ensuring that your Unizen integration is secure is essential for protecting both your application and your users. Below are best practices to follow when working with Unizen’s API.

API Key Management

  • Use Environment Variables: Store API keys securely in environment variables. Never hard-code API keys in your source code or share them publicly.

  • Rotate API Keys Regularly: Regularly rotate your API keys to reduce the risk of compromised credentials.

  • IP Whitelisting: Enable IP whitelisting to ensure that only authorized IP addresses can make API requests to your Unizen integration.

Securing API Endpoints

  • Disable CORS: Ensure that your API is configured to disable Cross-Origin Resource Sharing (CORS) to prevent unauthorized access.

  • Use HTTPS: All requests to the Unizen API should be made over HTTPS to protect sensitive data in transit.

  • Enable Rate Limiting: Implement rate limiting to prevent abuse and denial-of-service (DoS) attacks.

Example: Setting up IP Whitelisting

You can restrict API access to certain IPs by configuring IP whitelisting in the Unizen Integrator’s Portal. This helps ensure that only requests from your servers are processed.

By providing concrete steps and examples on how to secure API keys, handle sensitive data, and configure IP whitelisting, this article becomes more actionable and useful for developers.

PreviousQuote expiration deadlineNextWhy disable CORS

Last updated 7 months ago

Was this helpful?