Security
Learn how to follow best security practices
This guide covers essential security practices for handling authentication tokens and securing your app on the Smokeball platform.
Best Practices
Here are essential security practices for handling OAuth 2.0 authentication tokens in your application:
Secure Token Storage
Never store access tokens or refresh tokens in client-side code, local storage, or cookies
Store tokens securely on your backend server using:
Encrypted databases
Key management services (AWS KMS, Azure Key Vault, etc.)
Use environment variables for sensitive credentials in development
Implement proper access controls and audit logging for token access
Token Handling
Only transmit tokens over HTTPS/TLS
Implement token refresh using the supplied refresh token
Revoke compromised tokens immediately, or contact us if you think you have been compromised
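The token-handling points above, sketched for a backend service as an added example (not Smokeball's own code): tokens are sent only to an HTTPS endpoint, the access token is refreshed with the refresh token shortly before expiry, and every read is audit-logged by fingerprint rather than by value. The token URL is a placeholder, and the `TokenManager`, `post_form` and `fingerprint` names and the RFC 6749 refresh-grant parameters are assumptions to check against the platform's API documentation.

```python
import hashlib, json, logging, time, urllib.parse, urllib.request

audit = logging.getLogger("token_audit")
# Placeholder (assumption): use the token endpoint from the platform's API docs.
TOKEN_URL = "https://auth.example.invalid/oauth2/token"

def fingerprint(token):
    """SHA-256 prefix: lets audit logs correlate a token without recording it."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def post_form(url, form):
    """Default transport: form-encoded POST, refused unless the URL is HTTPS."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing to send tokens over a non-HTTPS URL")
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenManager:
    """Backend-side holder for one user's tokens (hypothetical helper).
    Load `tokens` from your encrypted store and the secret from the environment."""
    def __init__(self, client_id, client_secret, tokens, transport=post_form, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.tokens, self.transport, self.skew = dict(tokens), transport, skew

    def access_token(self, caller, now=None):
        """Return a valid access token, refreshing shortly before expiry."""
        now = time.time() if now is None else now
        if now >= self.tokens["expires_at"] - self.skew:
            self._refresh(now)
        audit.info("token read caller=%s fp=%s", caller,
                   fingerprint(self.tokens["access_token"]))
        return self.tokens["access_token"]

    def _refresh(self, now):
        # Standard RFC 6749 refresh grant; parameter placement is an assumption.
        reply = self.transport(TOKEN_URL, {
            "grant_type": "refresh_token",
            "refresh_token": self.tokens["refresh_token"],
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        })
        self.tokens = {
            "access_token": reply["access_token"],
            # Keep the current refresh token if the server did not rotate it.
            "refresh_token": reply.get("refresh_token", self.tokens["refresh_token"]),
            "expires_at": now + int(reply["expires_in"]),
        }
        audit.info("token refreshed fp=%s", fingerprint(reply["access_token"]))
```

After a refresh, write `tokens` back to the encrypted store so a rotated refresh token is not lost.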
Resources
OAuth 2.0 Best Practices
OAuth 2.0 Security