Some general security best practices to consider when using third-party connectors in your DaVinci flow are:

  • When passing any secrets, keys, or passwords as output variables through the HTTP connector, mark them as Secure in the connector configuration.
  • The account with the third-party service or on-premise resource should follow the principle of least privilege and only be granted the permissions necessary to perform the actions required by the connector.
  • Whenever using custom JavaScript, HTML, or CSS in a DaVinci connector, you should follow general secure coding guidelines to avoid the introduction of any security vulnerabilities, privacy violations, or other unintended behavior.