Security & responses
Authentication best practices, credential protection and response semantics of the Yep Platform REST API.
Overview
The API received important hardening for authentication, secret storage, auditing and response semantics. This page summarizes the main behaviors integrators should expect.
Security best practices
- Store client_id, client_secret, access token and refresh token in a secure environment.
- Do not expose credentials in local logs, prints or monitoring tools without masking.
- Always use the documented standard OAuth flow.
- Rotate client_secret if you suspect exposure.
Response semantics
Three states cover every return scenario for write operations on the API.
| Scenario | success | partial_success | Interpretation |
|---|---|---|---|
| Fully valid payload | true | false | Update fully applied. |
| Partly valid, partly invalid | true | true | Partial update with skipped items. |
| Nothing usable | false | false | Full failure — no useful data saved. |
Error and warning structures
When applicable, the API can return three diagnostic blocks:
- invalid_fields: Invalid keys in the root payload.
- invalid_attributes: Non-existing attributes in additional_attributes.
- invalid_attribute_values: Invalid values, non-existing options, non-existing categories and invalid relationships.
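An added example (not part of the Yep Platform documentation) of a client-side check that maps a write response onto the three states in the table above and collects the diagnostic blocks. The field names come from this page; the inner shape of the diagnostic blocks, the sample responses and the names classify_write_response and WriteOutcome are assumptions. Flag combinations the table does not list are treated as failures.

```python
import json
from dataclasses import dataclass, field

# Diagnostic block names come from the page; their inner shape is assumed.
DIAGNOSTIC_BLOCKS = ("invalid_fields", "invalid_attributes", "invalid_attribute_values")


@dataclass
class WriteOutcome:
    state: str  # "applied", "partial" or "failed"
    diagnostics: dict = field(default_factory=dict)

    @property
    def needs_review(self) -> bool:
        # Anything other than a clean, fully applied write needs follow-up.
        return self.state != "applied" or bool(self.diagnostics)


def classify_write_response(body: str) -> WriteOutcome:
    """Map a write response onto the three documented states, failing closed."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return WriteOutcome("failed", {"parse_error": ["response is not JSON"]})
    if not isinstance(doc, dict):
        return WriteOutcome("failed", {"parse_error": ["response is not an object"]})

    success = doc.get("success")
    partial = doc.get("partial_success")
    # Keep only diagnostic blocks that are present and non-empty.
    diagnostics = {k: doc[k] for k in DIAGNOSTIC_BLOCKS if doc.get(k)}

    # Require real booleans: the string "false" must not be read as truthy.
    if success is True and partial is False:
        state = "applied"
    elif success is True and partial is True:
        state = "partial"
    else:
        # Covers success=false and any combination the table does not list.
        state = "failed"
    return WriteOutcome(state, diagnostics)


# Constructed sample responses (not captured from the real API).
SAMPLE_PARTIAL = json.dumps({
    "success": True, "partial_success": True,
    "invalid_attributes": ["colour_code"],
    "invalid_attribute_values": [{"attribute": "size", "value": "XXS"}],
})
SAMPLE_UNDOCUMENTED = json.dumps({"success": "true", "partial_success": False})
```

A caller should alert on or retry from `needs_review` rather than checking `success` alone, because a partial update also returns `success: true`.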