Clever's goal is to set the highest bar in the industry for student data privacy and security. Learn more about our security and download our whitepaper here.
Security Best Practices
Keep secrets secret
Do not sent district-app tokens or your client secret (or full authorization headers!) through email or other non-secure channels - in fact, we recommend excluding them from your code, and only loading them as environment variables.
If our team spots a token or secret that has been sent through email, we will reset the token/secret within 24 hours.
Updated about a year ago
What's Next
Check out our security recommendations for each product, or jump right in to building your integration
| Instant Login and the Identity API |
| Keeping Instant Login Secure |
| Secure Sync and the Data API |