Now that you have integrated with the Runa API and are ready to go live there are a few things you should consider to ensure your integration is reliable and secure.

๐Ÿ”’ Securing your account

While its easy to generate a key to get started with the API you should consider how you handle and store your API key.

  • See the page on authentication for more details on how to generate and use an API key.
  • See the page on security for more details on how to keep your API key secure.
  • Consider enabling IP restrictions on your API keys to limit access to only your servers.

๐Ÿ”„ Making retries safe

While we strive to provide a reliable service, network issues can and at a certain scale will occur. Your integration should be prepared to handle cases where you donโ€™t receive a response to a request.

See the page on idempotency for details on how to use the idempotency key feature to safely retry orders without duplicating them. We require the use of an idempotency key for ordering but it is up to you to set a suitable key.

๐Ÿ›‘ Handling error responses

The API endpoints can return multiple types of errors. Some of these are client errors (4xx error codes) and some are server errors (5xx error codes). You should be prepared to handle both types of errors. We group errors by HTTP status code but the specific detail is in the response body of the error.

See the page on error handling for more details on what errors we do return and how to handle them.

๐Ÿ”ข Rate limiting

We use a number of safeguards to protect against bursts of traffic to protect our systemโ€™s stability. If you are making a large number of requests in a short period of time you may receive a 429 Too Many Requests response. This means you are being rate limited and should slow down your requests.

See the page on rate limiting for more details on our limits and how to handle them.

โญ Keeping up to date with new features

Weโ€™re continuously making improvements and adding new features to our API offering. Most changes are not breaking and donโ€™t require you to update your integration. However periodically we release a new dated version of the API that does.

You should be aware of which version you have integrated with, every response contains an X-Api-Version header that tells you which version you are using. You can also set the version you want to use by sending an X-Api-Version header in your requests.

See the page on API versioning for more details on how to set and upgrade your API version.