Blostem FD SDK Documentation
FD SDK Authentication and Access Control
Understand the access-control, credential-management, and user-context principles for a secure FD SDK integration.
Last updated: 17 July 2026
Protect partner credentials
Integration credentials must be treated as secrets and stored in an approved secret-management system. They should never be committed to source control, exposed in client logs, or embedded in public documentation.
- Separate sandbox and production credentials
- Restrict access by environment and role
- Rotate credentials through the approved support process
- Redact sensitive values from logs and support tickets
Establish trusted user context
The host platform remains responsible for authenticating its user before launching the FD journey. The exact identity and session exchange is agreed during technical onboarding and validated in sandbox before production access is enabled.