Best Practices for API Integrators
Write a wrapper for the API.
Never let your users call the API directly. Instead, write an endpoint for your users. That way you can control the access to the API and monitor the usage accordingly
Host your API endpoint at a secret URL.
If you are planning on hosting your API endpoint at a URL such as an ASP, PHP or JSP page. We suggest that you use a secret URL to prevent any potential snoopers from guessing the URL on your system.
For example, you can use a URL like: http://api.mydomain.com/4x744325h85bq1ml/sendSMS.aspx
For security, use SSL.
If your API endpoint is hosted in an external or shared hosting environment, it is suggested that you use SSL to prevent your secret URL being discovered in access logs.