Security

Security is a top priority for the Lightyshare API. This guide covers best practices to keep your integration secure.

API Token Security

Token Storage

  • Never hardcode tokens in your source code
  • Use environment variables or secure configuration management
  • Store tokens securely in your application’s configuration

Token Management

  • Rotate tokens regularly for enhanced security
  • Use different tokens for different environments (development, staging, production)
  • Monitor token usage through your dashboard
  • Revoke compromised tokens immediately

Request Security

HTTPS Only

All API requests must use HTTPS. HTTP requests will be rejected.

  # ✅ Correct
  curl -H "Authorization: Bearer YOUR_TOKEN" \
       https://lightyshare.com/api/token-secured/rental/123

  # ❌ Incorrect
  curl -H "Authorization: Bearer YOUR_TOKEN" \
       http://lightyshare.com/api/token-secured/rental/123
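The following Python snippet puts the Token Storage and HTTPS Only advice above into code. It is an added example, not Lightyshare's own client code: the environment variable names (LIGHTYSHARE_TOKEN_DEV, LIGHTYSHARE_TOKEN_STAGING, LIGHTYSHARE_TOKEN_PROD) are assumptions chosen to give each environment its own token, and the expected host is taken from the curl examples in this guide. The token is read from the environment at run time, a missing or placeholder value aborts before any request is built, and a URL that is not https:// on the expected host is refused so a bearer token is never sent in the clear.

```python
import os
from typing import Mapping, Optional
from urllib.parse import urlparse

# Assumed environment variable names (not defined by the Lightyshare docs): one token
# per environment so a development token can never be used against production.
TOKEN_ENV_VARS = {
    "development": "LIGHTYSHARE_TOKEN_DEV",
    "staging": "LIGHTYSHARE_TOKEN_STAGING",
    "production": "LIGHTYSHARE_TOKEN_PROD",
}

# Host from the curl examples in this guide
API_HOST = "lightyshare.com"


def find_token(environment: str, env: Optional[Mapping[str, str]] = None) -> Optional[str]:
    """Return the token configured for `environment`, or None if it is missing or a placeholder."""
    env = os.environ if env is None else env
    var = TOKEN_ENV_VARS.get(environment)
    if var is None:
        raise ValueError(f"unknown environment {environment!r}")
    token = env.get(var, "").strip()
    if not token or token == "YOUR_TOKEN":
        return None
    return token


def is_https_api_url(url: str) -> bool:
    """True only for https:// URLs on the expected API host."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname == API_HOST


def build_request(url: str, environment: str = "production",
                  env: Optional[Mapping[str, str]] = None) -> dict:
    """Assemble URL and headers for an authenticated call, failing fast on misconfiguration.

    The API itself rejects plain HTTP, but checking here means a bearer token is never
    put on the wire unencrypted because of a config typo or a stray http:// link.
    """
    token = find_token(environment, env)
    if token is None:
        raise RuntimeError(f"{TOKEN_ENV_VARS[environment]} is not set; refusing to send a request")
    if not is_https_api_url(url):
        raise ValueError(f"refusing to send a token to a non-HTTPS or unexpected URL: {url}")
    return {"url": url, "headers": {"Authorization": f"Bearer {token}"}}


if __name__ == "__main__":
    # Run with: LIGHTYSHARE_TOKEN_PROD=... python this_file.py
    req = build_request("https://lightyshare.com/api/token-secured/rental/123")
    print("ready to call", req["url"])
```

The `env` parameter exists so the logic can be tested with a plain dictionary; in production leave it unset and the process environment is used.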

Input Validation

Always validate and sanitize data before sending it to the API:
  • Validate required fields before making requests
  • Sanitize user input to prevent injection attacks
  • Check data types and formats
  • Enforce length limits on string fields
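An added Python example of the four validation steps above (required fields, type and format checks, length limits, and sanitizing free text). The schema is constructed for illustration: this page does not document the Lightyshare rental endpoint's real field names or limits, so `product_id`, `start_date`, `end_date` and `message` with a 500-character limit are assumptions to replace with the documented ones. Unknown keys are rejected as well, so a user-controlled dictionary cannot carry extra parameters through to the API.

```python
import re
from datetime import date
from typing import List

# Constructed example schema for a rental request. The real Lightyshare field names
# and limits are not given on this page; replace them with the endpoint's documented ones.
RENTAL_SCHEMA = {
    "product_id": {"type": int, "required": True},
    "start_date": {"type": str, "required": True, "pattern": r"^\d{4}-\d{2}-\d{2}$"},
    "end_date":   {"type": str, "required": True, "pattern": r"^\d{4}-\d{2}-\d{2}$"},
    "message":    {"type": str, "required": False, "max_len": 500},
}

# ASCII control characters other than tab, newline and carriage return
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sanitize_text(value: str) -> str:
    """Strip control characters and surrounding whitespace from free-text fields."""
    return _CONTROL_CHARS.sub("", value).strip()


def validate_rental(payload: dict) -> List[str]:
    """Return validation errors for `payload` (an empty list means it is acceptable).

    Unknown keys are rejected first, then each schema field is checked for presence,
    type, format and length, in that order.
    """
    errors = []
    for key in payload:
        if key not in RENTAL_SCHEMA:
            errors.append(f"unexpected field {key!r}")
    for field, rule in RENTAL_SCHEMA.items():
        if field not in payload:
            if rule["required"]:
                errors.append(f"missing required field {field!r}")
            continue
        value = payload[field]
        # bool is a subclass of int, so True/False must be rejected explicitly
        if isinstance(value, bool) or not isinstance(value, rule["type"]):
            errors.append(f"{field!r} must be of type {rule['type'].__name__}")
            continue
        if "pattern" in rule:
            if not re.match(rule["pattern"], value):
                errors.append(f"{field!r} has an invalid format")
                continue
            try:
                date.fromisoformat(value)  # the pattern alone accepts 2024-13-01
            except ValueError:
                errors.append(f"{field!r} is not a valid calendar date")
        if "max_len" in rule and len(value) > rule["max_len"]:
            errors.append(f"{field!r} exceeds {rule['max_len']} characters")
    return errors


def prepare_rental(raw: dict) -> dict:
    """Sanitize text fields, validate, and return the cleaned payload or raise ValueError."""
    cleaned = {k: sanitize_text(v) if isinstance(v, str) else v for k, v in raw.items()}
    errors = validate_rental(cleaned)
    if errors:
        raise ValueError("; ".join(errors))
    return cleaned


if __name__ == "__main__":
    print(prepare_rental({"product_id": 123, "start_date": "2024-05-01",
                          "end_date": "2024-05-03", "message": " Hello\x00 "}))
```

Serialize the cleaned dictionary with a JSON library rather than by string concatenation; that, plus the checks above, is what keeps user input from becoming injected structure in the request body.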

Error Handling

Secure Error Handling

  • Don’t expose sensitive information in error messages
  • Log errors securely without exposing tokens or sensitive data
  • Implement proper retry logic with exponential backoff

Rate Limiting

The API implements rate limiting to prevent abuse. When the limit is exceeded, the API returns a 429 response with this body:

  {
    "error": "Request limit exceeded"
  }

When you receive a 429 response, respect the Retry-After header (the number of seconds to wait before retrying):

  Retry-After: 60
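An added Python example covering both the Secure Error Handling bullets and the rate-limit handling above; it is not Lightyshare's client code. It retries 429 and 5xx responses, honours a numeric Retry-After header when present and otherwise falls back to capped exponential backoff with jitter, redacts bearer tokens from anything it logs, and raises a generic error to the caller rather than passing the response body through. The HTTP transport is injected as a callable returning (status, headers, body), and `make_fake_transport` is a constructed offline stand-in so the block runs without network access.

```python
import logging
import random
import re
import time
from typing import Callable, Dict, List, Optional, Tuple

log = logging.getLogger("lightyshare.client")

# Bearer tokens in any text headed for a log line
_BEARER = re.compile(r"(Bearer\s+)[A-Za-z0-9._~+/=-]+")

# A response as (status, headers, body); the transport is injected so this runs offline.
# Real HTTP headers are case-insensitive; a production client should normalise the keys.
Response = Tuple[int, Dict[str, str], str]


def redact(text: str) -> str:
    """Replace bearer tokens with a placeholder before the text reaches a log."""
    return _BEARER.sub(r"\1[REDACTED]", text)


def backoff_delay(attempt: int, retry_after: Optional[str],
                  base: float = 1.0, cap: float = 60.0) -> float:
    """Seconds to wait before retry number `attempt` (0-based).

    A numeric Retry-After header from a 429 is honoured as given. Otherwise use
    exponential backoff with full jitter, capped, so many clients recovering at once
    do not retry in lockstep.
    """
    if retry_after is not None and retry_after.strip().isdigit():
        return float(retry_after.strip())
    return random.uniform(0, min(cap, base * (2 ** attempt)))


def send_with_retry(send: Callable[[], Response], sleep: Callable[[float], None] = time.sleep,
                    max_attempts: int = 5) -> str:
    """Call `send()` until a non-retryable status comes back or attempts run out.

    429 and 5xx responses are retried. Error bodies are logged only after redaction,
    and the exception raised to the caller carries the status code, not the body.
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status < 400:
            return body
        if status == 429 or status >= 500:
            if attempt == max_attempts - 1:
                break
            delay = backoff_delay(attempt, headers.get("Retry-After"))
            log.warning("attempt %d returned %d, retrying in %.1fs: %s",
                        attempt + 1, status, delay, redact(body))
            sleep(delay)
            continue
        log.error("request failed with HTTP %d: %s", status, redact(body))
        raise RuntimeError(f"API request failed (HTTP {status})")
    raise RuntimeError(f"giving up after {max_attempts} attempts")


def make_fake_transport(responses: List[Response]) -> Callable[[], Response]:
    """Constructed offline stand-in for the real HTTP call; returns responses in order."""
    it = iter(responses)
    return lambda: next(it)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    transport = make_fake_transport([
        (429, {"Retry-After": "60"}, '{"error": "Request limit exceeded"}'),
        (200, {}, '{"id": 123}'),
    ])
    # sleep is replaced so the demo does not actually wait 60 seconds
    print(send_with_retry(transport, sleep=lambda s: print(f"would sleep {s}s")))
```

Replace `make_fake_transport` with a closure around your real HTTP client; keeping the transport injectable is also what lets the retry and redaction logic be unit-tested without hitting the rate limit for real.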

Data Protection

Personal Data

  • Minimize data collection to only what’s necessary
  • Encrypt sensitive data in transit and at rest
  • Follow data retention policies and delete data when no longer needed

Access Control

  • Implement proper access controls in your application
  • Use the principle of least privilege - only request access to what you need
  • Regularly audit access and permissions

Best Practices Summary

  1. Use HTTPS for all requests
  2. Store tokens securely using environment variables
  3. Rotate tokens regularly
  4. Validate and sanitize all input data
  5. Implement proper error handling
  6. Respect rate limits
  7. Monitor for suspicious activity
  8. Keep your integration updated

Security Checklist

  • All requests use HTTPS
  • API tokens are stored securely
  • Input validation is implemented
  • Error handling doesn’t expose sensitive data
  • Rate limiting is respected
  • Tokens are rotated regularly
  • Access is audited regularly