Skip to main content
Follow these best practices to build reliable integrations with the G-Tateth API.

API Keys

Security

  • Never commit API keys - Use environment variables or secret management
  • Rotate keys regularly - Set up automatic rotation (90 days recommended)
  • Use separate keys - Different keys for different environments/applications
  • Limit permissions - Only grant the minimum permissions needed
  • Use IP whitelisting - Restrict access to known IP addresses

Organization

  • Name keys descriptively - “Production API - Main App”
  • Document key usage - Keep track of where each key is used
  • Monitor usage - Regularly check API key usage statistics

Error Handling

Always Handle Errors

try {
  const response = await client.conversations.list();
} catch (error) {
  if (error.code === 'RATE_LIMIT_EXCEEDED') {
    // Handle rate limit
  } else if (error.code === 'API_KEY_INVALID') {
    // Handle invalid key
  } else {
    // Handle other errors
  }
}

Retry Logic

Implement exponential backoff for transient errors: 
async function retryWithBackoff(fn, maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      return await fn();
    } catch (error) {
      if (i === maxRetries - 1) throw error;
      await sleep(Math.pow(2, i) * 1000);
    }
  }
}

Performance

Caching

Cache responses that don’t change frequently: 
const cache = new Map();

async function getCustomer(id) {
  if (cache.has(id)) {
    return cache.get(id);
  }
  
  const customer = await client.customers.get(id);
  cache.set(id, customer);
  return customer;
}

Pagination

Always use pagination for list endpoints: 
async function getAllConversations() {
  let page = 1;
  let allConversations = [];
  
  while (true) {
    const response = await client.conversations.list({ page, limit: 50 });
    allConversations.push(...response.data);
    
    if (page >= response.pagination.totalPages) break;
    page++;
  }
  
  return allConversations;
}

Batch Operations

When possible, batch multiple operations: 
// Instead of multiple requests
for (const id of customerIds) {
  await client.customers.get(id);
}

// Use batch endpoint if available
await client.customers.list({ ids: customerIds });

Webhooks

Signature Verification

Always verify webhook signatures: 
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const hash = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(`sha256=${hash}`)
  );
}

Idempotency

Make webhook handlers idempotent: 
const processedEvents = new Set();

async function handleWebhook(event) {
  if (processedEvents.has(event.id)) {
    return; // Already processed
  }
  
  // Process event
  await processEvent(event);
  
  processedEvents.add(event.id);
}

Quick Response

Respond to webhooks quickly (within 5 seconds): 
app.post('/webhooks/g-tateth', async (req, res) => {
  // Acknowledge immediately
  res.status(200).send('OK');
  
  // Process asynchronously
  processWebhookAsync(req.body);
});

Testing

Use Test Keys

Always use test keys (sk_test_...) in development: 
const apiKey = process.env.NODE_ENV === 'production'
  ? process.env.G_TATETH_LIVE_KEY
  : process.env.G_TATETH_TEST_KEY;

Mock Responses

Mock API responses in tests: 
jest.mock('@g-tateth/sdk', () => ({
  createClient: () => ({
    conversations: {
      list: jest.fn().mockResolvedValue({
        data: [],
        pagination: { total: 0, page: 1, limit: 50 }
      })
    }
  })
}));

Monitoring

Log Requests

Log all API requests for debugging: 
client.interceptors.request.use(config => {
  console.log(`[API] ${config.method} ${config.url}`);
  return config;
});

Track Usage

Monitor your API usage: 
async function checkUsage() {
  const usage = await client.analytics.getUsage();
  console.log(`Used ${usage.totalRequests} requests this month`);
}

Versioning

API Version

Always specify the API version in your requests: 
https://api.g-tateth.com/api/v1/conversations

SDK Updates

Keep your SDKs up to date: 
npm update @g-tateth/sdk

Support

If you encounter issues:
  1. Check the API Reference
  2. Review the Authentication Guide for error handling
  3. Contact Support