Customer Configuration
This page covers settings external integrators own. Internal SenteRail runtime configuration is not part of the public developer portal.
Customer-Owned Settings
| Setting | Purpose | Owner |
|---|---|---|
| API key or session token | Authenticates your server-side requests | Technical owner |
| Webhook endpoint URL | Receives signed SenteRail events | Backend owner |
| Webhook signing secret | Verifies event authenticity | Backend owner |
| Idempotency key strategy | Prevents duplicate state changes | Integration owner |
| Support escalation contact | Routes launch and incident questions | Business owner |
Environment Separation
Keep sandbox and live settings separate. A sandbox key should never appear in production configuration, and a live key should never appear in local tools, frontend code, or shared test fixtures.
Webhook Endpoint Configuration
Your webhook endpoint should:
- use HTTPS in production
- accept only the expected event format
- verify the SenteRail signature
- persist events before processing
- return success only after durable persistence