Both cookbook READMEs state that these examples are starting points, not production-ready defaults.
Do not expose cookbook routes publicly until you have added product-specific auth, abuse controls, monitoring, and data-handling policies.

Required before launch

  • Authenticate and authorize every API route with user and tenant checks.
  • Apply edge and app rate limiting, throttling, and abuse controls.
  • Review CORS and CSRF policies.
  • Enforce strict request limits.
  • Set up structured logs, error reporting, and alerting for provider failures.
  • Store and rotate API keys in managed secret stores.
  • Enforce retention, deletion, and sensitive-data sanitization policies.
  • Define reliability and cost safeguards, including budgets, retries, and circuit breakers.