Best Practices
Production integration guidance for reliability, security, and observability.
Security and Access
Treat API keys as secrets and scope them tightly by use case and environment.
- - Use separate keys per service and environment
- - Rotate keys on schedule and after team changes
- - Prefer scoped permissions over workspace-admin keys
Reliability
Implement retries with exponential backoff and jitter.
For high-volume systems, queue outbound requests and control concurrency to absorb spikes.
- - Make mutation requests idempotent where practical
- - Protect downstream services with backpressure and circuit breaking
- - Validate fallback behavior in staging before promotion
Observability
Capture latency, error rate, and request IDs for every call path into ServoAgent APIs.
- - Alert on sustained 429 and 5xx rates
- - Track p50/p95/p99 latency by endpoint
- - Correlate webhook events back to originating run IDs