# Security Best Practices for Integrating Unizen

**API Key Management**

* Use Environment Variables: Store API keys securely in environment variables. Never hard-code API keys in your source code or share them publicly.
* Rotate API Keys Regularly: Regularly rotate your API keys to reduce the risk of compromised credentials.
* IP Whitelisting: Enable IP whitelisting to ensure that only authorized IP addresses can make API requests to your Unizen integration.

**Securing API Endpoints**

* Disable CORS: Ensure that your API is configured to disable Cross-Origin Resource Sharing (CORS) to prevent unauthorized access.
* Use HTTPS: All requests to the Unizen API should be made over HTTPS to protect sensitive data in transit.
* Enable Rate Limiting: Implement rate limiting to prevent abuse and denial-of-service (DoS) attacks.

**Example: Setting up IP Whitelisting**

You can restrict API access to certain IPs by configuring IP whitelisting in the Unizen Integrator’s Portal. This helps ensure that only requests from your servers are processed.

By providing concrete steps and examples on how to secure API keys, handle sensitive data, and configure IP whitelisting, this article becomes more actionable and useful for developers.

<br>

###


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.unizen.io/api-introduction/security-best-practices-for-integrating-unizen.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.