Webapp Best Practices¶
Follow these practices when building public webapp endpoints:
- Use
Webapponly for public or semi-public resources. - Use
paramsfor readable URL parameters (example:?ref=home&lang=en). - Use
optionsfor app-level configuration. - Keep sensitive values out of URL query strings.
- For secure or user-specific links, use Webhook.
Security Reminder
Webapp URLs are public and are not cryptographically signed. Use Webhook for any sensitive or authenticated flow.