Security & Compliance
Operational controls that typically matter for messaging workflows.
Security basics
- Encryption in transit: HTTPS everywhere.
- Webhook verification: HMAC signatures + timestamps to prevent spoofing/replay.
- Access controls: key-based auth and route-level controls (implementation-dependent).
- Abuse prevention: rate limits and allow/deny lists.
Governance
- Audit trails: keep message metadata for troubleshooting and accountability.
- Retention: configurable retention policies depending on requirements.
- Regional constraints: provider/region selection based on policy and throughput needs.
- Opt-in/out: workflows can incorporate local compliance requirements.
Compliance needs vary by region and use case. Always validate sender-ID, consent, and retention requirements for your traffic.