Managing Nibble API Secrets

When your Nibble account is created, you are issued a Nibble API Key and Nibble API Secret. The API Key identifies which account is calling the Nibble API; the API Secret is the credential that proves the call (or a signed result) really comes from that account. The API Secret must therefore be stored securely and never exposed to end users. In particular:

  1. Do not embed the API Secret in any HTML, JavaScript or other web frontend that a user has access to.
  2. Do not embed the API Secret in a mobile app in such a way that a malicious user could access it.
  3. Do not commit the API Secret to source control, including in configuration files or test fixtures.
  4. Store the API Secret in the secure storage appropriate for your development and deployment platforms (for example, a secrets manager or an environment variable injected at deploy time, rather than a file checked into the application bundle).
  5. If you have reason to believe your API Secret has been compromised, contact your Account Manager and new credentials will be issued to you.

Applying Nibble Discounts

Once a discounted price has been agreed in the Nibble chat widget, it is your responsibility to apply that discount to the user’s cart and/or items.

You must take care to ensure that users cannot tamper with Nibble data. Anything the browser or app sends you about a negotiation is under the user's control, so the Nibble result must be validated on a trusted server backend using the Nibble API Secret, never in client-side code. We offer two validation approaches:

  1. API Call: You can call the Get Nibble endpoint from your server to securely obtain the negotiated result.
  2. Cryptographic Validation: The data returned from the Nibble chat widget contains a payload signed using your Nibble API Secret. This payload can be validated on your server to confirm that the data provided is as agreed by Nibble.

Validating the signature only proves that the result came from Nibble; you must also check that it matches the cart it is being applied to, to prevent misuse or abuse. For example:

  • Ensure that users cannot apply the discount to items other than those agreed on
  • Ensure that if a user changes the quantity of an agreed item, the discount is no longer applied
  • Ensure that a negotiated discount expires after a bounded time, rather than remaining valid in the cart indefinitely
  • Ensure that the discount is applied in the currency in which it was negotiated
  • For cart negotiations, ensure that if the cart is modified in any way the discount is invalidated