> ## Documentation Index
> Fetch the complete documentation index at: https://docs.politicalcomms.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Best Practices

> API key security, caching recommendations, rate limit strategies, and date range optimization.

## API key security

* Store API keys in environment variables or secret management systems.
* Never commit API keys to version control or expose them in client-side code.
* Rotate API keys regularly and immediately revoke compromised keys.
* Use separate API keys for different applications and environments.

## Caching recommendations

* Cache hierarchy data for **5–10 minutes** (changes infrequently).
* Cache historical project/message stats for **completed date ranges** indefinitely.
* Use shorter TTLs (**1–2 minutes**) for current-day statistics.
* Implement cache invalidation when you detect data changes.

## Rate limiting strategies

* Monitor `X-RateLimit-Remaining` on every response.
* Implement **exponential backoff** for `429` responses.
* Use caching to reduce the number of API calls needed.
* Batch operations when possible (e.g., query larger date ranges).

## Date range optimization

* Use the **maximum 31-day range** when fetching historical data.
* Request only the specific date ranges you need.
* Use hierarchy filters (`organization_id`, `brand_id`, `campaign_id`) to reduce data volume.
* Cache aggregated results for reporting dashboards.

## Webhook reliability

* Return `200` within **10 seconds** (process asynchronously if needed).
* Always validate the **HMAC signature** before processing.
* Use `event_id` to **deduplicate** (rare but possible).
* Log failures and monitor your endpoint health.
* Use **HTTPS** endpoints (required in production).
* **Rotate secrets** periodically (every 90 days recommended).