This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Indicators of credential compromise

If any of the following things occurs, your API credentials are considered compromised. Contact Toast support immediately so that you can receive a new client secret.

  • Your client secret is committed to a repository that is not a purpose-built secret management service.

  • Your client secret is deployed in your code.

  • Somebody sends your client secret in plain text via email or on a messenger application.

  • Your client secret is displayed on a screen-share recording that is saved to the cloud.

  • You have any other known or suspected security breach.