This article explains API security and best practices for Neofollower resellers, developers, and WooCommerce integration owners.
Quick answer
Keep your API key private, validate every order before sending it, log API responses, prevent duplicate submissions, check your balance, and never expose your API key in front-end code.
API key security rules
- Do not put your API key in JavaScript, HTML, public GitHub repositories, screenshots, or client-side code.
- Store your API key on the server side.
- Use environment variables or secure settings storage when possible.
- Limit access to the API key to admin users.
- Reset your API key if it may be exposed.
- Do not send your full key to clients or freelancers unless absolutely necessary.
- Remove old developers' access after work is finished.
Order validation best practices
- Validate service ID.
- Validate link or username format as much as possible.
- Validate quantity against service minimum and maximum.
- Confirm payment status before sending the order.
- Check balance before accepting automated orders if possible.
- Prevent duplicate submissions from repeated checkout clicks.
- Save the Neofollower order ID after successful order creation.
- Save the API response for troubleshooting.
Duplicate prevention
Your integration should prevent customers from accidentally submitting the same order multiple times. Duplicate API requests can create duplicate Neofollower orders, overlapping delivery, and refund disputes.
Error handling best practices
- Show clear messages to the admin.
- Do not expose technical API errors to customers if they are confusing.
- Log the full response internally.
- Mark failed orders for manual review.
- Do not keep charging customers if order creation failed.
- Create a safe retry process instead of blind automatic retries.
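The validation list, the duplicate prevention rule, and the error handling rules above can be combined into one server-side gate in front of the API call. The following Python sketch is an added example, not Neofollower's own code or API client: the environment variable name, the product-to-service map with its limits, the payload field names and the success response shape (a returned order id) are all assumptions, and the API call is injected so the logic runs offline.

```python
import os

# Constructed example: customer-facing products mapped to a fixed set of backend
# services. Service IDs and limits are placeholders, not real Neofollower values.
SERVICE_MAP = {
    "likes-small": {"service_id": 101, "min": 50, "max": 5000},
    "followers-basic": {"service_id": 202, "min": 100, "max": 10000},
}

class OrderGate:
    def __init__(self, get_balance, submit_order):
        # Key comes from a server-side environment variable (assumed name); it is
        # never read from, or echoed back to, the browser.
        self.api_key = os.environ.get("NEOFOLLOWER_API_KEY", "")
        self.get_balance = get_balance    # callable() -> provider balance available
        self.submit_order = submit_order  # callable(payload) -> provider response dict
        self.log = {}                     # shop order id -> saved full API response

    def validate(self, order):
        problems = []
        service = SERVICE_MAP.get(order.get("product"))
        if service is None:               # customers never choose a raw service ID
            return ["unknown product"]
        if not service["min"] <= order.get("quantity", 0) <= service["max"]:
            problems.append("quantity outside service limits")
        if not str(order.get("link", "")).startswith("https://"):
            problems.append("link must be an https URL")
        if order.get("payment_status") != "paid":
            problems.append("payment not confirmed")
        if order.get("cost", 0) > self.get_balance():
            problems.append("insufficient provider balance")
        return problems

    def place(self, order):
        oid = order["shop_order_id"]
        if oid in self.log:               # repeated checkout click: never resend
            return {"status": "duplicate", "response": self.log[oid]}
        problems = self.validate(order)
        if problems:
            return {"status": "rejected", "problems": problems}
        payload = {"key": self.api_key, "link": order["link"],
                   "service": SERVICE_MAP[order["product"]]["service_id"],
                   "quantity": order["quantity"]}
        response = self.submit_order(payload)
        self.log[oid] = response          # keep the full response for troubleshooting
        if "order" in response:           # assumed success shape: response carries an order id
            return {"status": "created", "provider_order_id": response["order"]}
        # Failure: hold for manual review; no blind retry, no false delivery confirmation.
        return {"status": "manual_review", "response": response}
```

A rejected order is not recorded in the log, so a corrected resubmission of the same shop order is still allowed, while a successfully sent one is never sent twice.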
Customer communication
If you automate order creation, customers should receive a clear message after checkout explaining that the order was received and will be processed according to the selected service rules. If API order creation fails, the customer should not receive a false delivery confirmation.
Frequently asked questions
Can I expose my API key in the browser?
No. Anyone could copy it and use your balance.
Should I let customers choose any service ID?
No. It is safer to map customer-facing products to selected backend services.
What should happen when API order creation fails?
The order should be held for manual review, refunded, or retried safely according to your store policy.
Related helpdesk topics
- Neofollower API Guide for Resellers
- API Error Codes and Troubleshooting for Resellers
Chatbot answer guidance
When this article is used for automated support, the chatbot should first identify whether the user is a reseller, affiliate, API user, WooCommerce seller, or normal buyer. For account-specific issues, ask for the user email or account ID if available, order ID, service name, submitted link, payment reference, API request details, or affiliate referral details. Do not promise commissions, delivery times, refunds, refills, or API behavior beyond the live dashboard and current service rules.