Security
Miniback is designed with privacy and security in mind.
Domain Restrictions
- Restrict which domains can use your widget (set in dashboard)
- Configure allowed domains with wildcard support
- Secure your widget from unauthorized use
๐ Complete Domain Management Guide โ
API Keys
- Generate project-level API keys for programmatic access
- Never expose API keys in client-side code
- Use environment variables and secure storage
- Regenerate keys if compromised
๐ Complete API Security Guide โ
Network Log Redaction
When network capture is enabled, Miniback automatically redacts sensitive data before logs are stored:
- Sensitive headers (e.g.
authorization,cookie,x-api-key) are stripped by default - Sensitive body keys (e.g.
password,token,accessToken) are stripped by default - You can add your own custom header and body-key rules per project
๐ Bug Context Capture Guide โ Redaction Rules
Privacy
- No user tracking, no session replay
- Interaction breadcrumbs mask input values and redact sensitive URL parameters
- Screenshots are optional and only captured when the user chooses to add one
- GDPR compliant
Related Guides
- Domain Management - Detailed domain configuration
- API Security Best Practices - Secure API usage
- API Reference - API documentation
- Troubleshooting - Common issues
Last updated on