Security Overview

Vetrol takes security seriously. This section covers best practices for keeping your integration secure.

Credential management

• Store API credentials in environment variables, never in source code
• Rotate your Auth Token periodically
• Use separate credentials for development, staging, and production

Validating webhook signatures

Always validate webhook signatures to ensure requests truly come from Vetrol.

HTTPS only

Always use HTTPS for your webhook endpoints. Vetrol will not send webhooks to HTTP endpoints.

IP allowlisting

You can restrict API access to specific IP addresses from the Console under Settings → Security → IP Allowlist.