Customer.io Security Basics

Overview

Implement security best practices for Customer.io: secrets management for API credentials, PII sanitization before sending data, webhook signature verification (HMAC-SHA256), API key rotation, and GDPR/CCPA data deletion compliance.

Prerequisites

• Customer.io account with admin access
• Understanding of your data classification (what is PII)
• Secrets management system (recommended for production)

Instructions

Step 1: Secure Credential Storage

// lib/customerio-secrets.ts
// NEVER hardcode credentials — use environment variables or a secrets manager