Technical hosts, teams, and collaborators using developer or integration features.
I want to use developer settings without exposing private tokens or attendee data.
Developer settings can affect real data
Developer features are useful for integrations, automation, and technical workflows. They can also touch events, registrations, organizations, and attendee data.
Use them carefully. A leaked token can create privacy, billing, or operational risk depending on what the token can access.
Token safety rules
Store tokens in a secure secret manager or environment variable.
Never commit tokens to GitHub or share them in screenshots.
Do not send tokens to support unless support explicitly provides a secure process.
Use the least access needed for the integration.
Rotate or revoke tokens when a teammate leaves or a secret may be exposed.
Avoid using production attendee data for unnecessary tests.
When an integration breaks
Check the workflow
Identify whether the issue affects event creation, event updates, registrations, attendee export, payments, or another integration path.
Review recent changes
Look for token rotation, permission changes, organization changes, API response changes, or deployment changes.
Capture safe evidence
Send endpoint path, timestamp, error code, request ID from logs when you have one, and redacted screenshots.
Redact secrets
Remove bearer tokens, API keys, private URLs, attendee emails, card details, and identity data unless support gives a secure instruction.
Contact support
Use support with safe debugging details and explain the business impact.
Never commit secrets
Do not commit API tokens, payment secrets, webhook secrets, database URLs, or private keys to a repository. If a secret is committed, rotate it immediately.
FAQ
Can I send an API token to support?
No, not in a normal support message. Share safe context first. Support can ask for a secure process if a secret is truly required.
What should I do if a token was exposed?
Revoke or rotate it as soon as possible, then review recent integration activity and contact support if attendee or event data may be affected.
Can I test with real attendee data?
Avoid it unless necessary. Use minimal, redacted, or test data whenever possible.
Related guides
Keep payment and identity information safe
Sensitive financial and identity details belong in secure provider flows, not ordinary messages.
Read guideCreate and manage host organizations
Organizations help teams host together, but access and attendee data should stay intentional.
Read guideAsk AI support or report a bug
Clear support requests are faster to diagnose. Include the route, event context, expected result, and actual result.
Read guide