This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Don't do this

It is best not to do the following things:

  • Do not store API credentials in your Toast integration code.

  • Do not store API credentials in any repositories saved to the cloud, whether public or private.

  • Do not display your client secret while using a screen-sharing service.

  • Do not send an unencrypted client secret via email or in a messenger application.