Security notes

Isolation, workspace scoping, webhook dispatch, and TLS.

The Public API is designed so that external automation never touches internal Satellyte flows or other customers' workspaces.

Key properties

  • The Public API is isolated from internal frontend APIs. Your key cannot reach internal flows.
  • Every API key maps to exactly one workspace. Reads and writes never cross workspaces.
  • Webhook dispatch (/leads/push with destination: webhook_url) captures only the destination's HTTP status code and response body, surfaced as provider_status_code and provider_response; nothing else is forwarded.
  • Unknown or missing lead IDs are reported transparently, either in missing_lead_ids or as a 404 lead_not_found error. The API never returns data from another workspace.
  • Feedback events cannot mutate leads that do not belong to the mapped workspace.
  • TLS-only. All endpoints require HTTPS.

What this means for you

Treat your API key as a secret. If a key is exposed, rotate it through your account contact. Workspace isolation is enforced server-side; you do not need to add filtering on your end.