API security checklist
A secure proxy path needs more than one rate limit. Use this checklist to review caller authentication, tenant scope, approved destinations, credential separation, bounded resource use, privacy-safe evidence, and operational recovery.
Practical boundaries
Use a verified, revocable workspace key and keep its raw value out of logs, tickets, screenshots, and browser storage.
Resolve the active workspace server-side and include its identifier in every protected object query or mutation.
Prefer exact public hosts; use explicit one-level wildcards only when the integration genuinely requires them.
Never forward a ThrottleProxy key, cookie, proxy authorization value, or forwarding credential to an upstream provider.
Cap queue depth, concurrency, request bytes, response bytes, idle time, and absolute upstream duration.
Preserve safe stage, status, timing, host, and path context while redacting credentials, query values, bodies, and unsafe errors.
Document revocation, role review, incident escalation, migration order, smoke checks, and rollback before launch.
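An added example (not ThrottleProxy code or its configuration format) of the destination check described in the approved-hosts item above: exact hostnames match literally, and a leading `*.` covers exactly one label. The allowlist entries and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed allowlist for illustration only.
ALLOWED_HOSTS = ["api.example.com", "*.files.example.net"]


def normalize_host(host):
    """Return a lower-case ASCII DNS name, or None if the value is unusable."""
    host = host.strip().lower()
    if host.endswith("."):
        host = host[:-1]  # drop the root dot of a fully qualified name
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # empty or over-long label, or invalid IDN
    try:
        ipaddress.ip_address(host.strip("[]"))
        return None  # IP literals are never an approved destination here
    except ValueError:
        pass
    if len(host.split(".")) < 2:
        return None  # single-label names such as "localhost"
    return host


def host_allowed(host, allowlist):
    """True only for an exact entry or a one-level wildcard entry."""
    host = normalize_host(host)
    if host is None:
        return False
    for pattern in allowlist:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            suffix = pattern[2:]
            if "*" in suffix or "." not in suffix:
                continue  # ignore nested wildcards and "*.com"-style entries
            first_label, _, rest = host.partition(".")
            if first_label and rest == suffix:
                return True  # exactly one label in front of the suffix
        elif "*" not in pattern and host == pattern:
            return True
    return False
```

This checks the requested name only; the address the name resolves to still has to be validated when the proxy connects.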
No. It is an operational review aid, not a certification, warranty, or external audit.
No. Proxy authentication and provider authentication are separate trust boundaries.
Use sanitized stages, status categories, approximate timestamps, and safe correlation context—never credentials or raw request bodies.
Use one workspace key, one exact public host, and non-sensitive test traffic.