Overview

Security is a core part of any Begini integration.

Begini is designed to ensure that data is transmitted, processed and stored securely, while giving you the tools needed to protect your own systems and workflows.

This section outlines the key security components you need to understand when integrating with Begini.

---

Core security components

A typical Begini integration involves several layers of security:

• API authentication
• Webhook verification
• Environment separation
• Secure data handling

Each of these plays a role in protecting both your system and your users.

---

API authentication

All API interactions with Begini are secured using API keys.

These keys are:

• Unique to your integration
• Used to authenticate requests
• Required for creating sessions and accessing data

Your API key should be treated as a secret and never exposed publicly.

For more detail, see:

• API Authentication Guide

---

Webhook security

Webhook requests from Begini include an HMAC signature in the X-Signature header.

This allows your system to:

• Verify the authenticity of incoming requests
• Ensure payload integrity
• Prevent unauthorised or forged requests

For more detail, see:

• Securing Webhooks (HMAC)

---

Environment separation

Begini supports different environments to allow safe testing and deployment.

Typically this includes:

• Test or sandbox environment
• Production environment

Each environment has:

• Separate API keys
• Separate configurations
• Independent data flows

This ensures that testing does not affect live operations.

For more detail, see:

• Environments (Sandbox vs Production)

---

Data handling and transmission

All communication with Begini should occur over secure channels.

This includes:

• HTTPS for API requests
• HTTPS for webhook endpoints

You should also ensure that:

• Sensitive data is handled securely within your system
• Logs do not expose confidential information
• Access to data is restricted appropriately

---

Access control

Access to Begini should be limited to authorised users and systems.

This includes:

• Restricting access to API keys
• Managing user access within Beacon
• Controlling who can configure integrations and deployments

For more detail, see:

• Managing Users & Access

---

Secure integration design

When integrating Begini, your system should be designed to:

• Validate all incoming data
• Handle errors safely
• Avoid exposing sensitive information
• Protect against replay or duplicate requests

This ensures your integration remains stable and secure over time.

---

Common risks to avoid

• Exposing API keys in client-side applications
• Not validating webhook signatures
• Mixing test and production environments
• Logging sensitive data (keys, payloads, identifiers)
• Granting excessive access to users or systems

---

Best practices

• Store API keys securely (e.g. environment variables)
• Verify all webhook requests using HMAC
• Separate test and production environments clearly
• Use HTTPS for all communication
• Monitor and audit access regularly

---

Next steps

To implement security correctly:

• API Authentication Guide
• Environments (Sandbox vs Production)
• HMAC Verification Guide
• Security Best Practices