System Functions
Integrations
Meraki Integration - Done
29 min
functional specification 1\ introduction 1 1 purpose this document outlines the functional requirements and specifications for integrating cloud managed network platforms (such as cisco meraki, aruba central, ubiquiti unifi) with the commandit platform the primary goal is to provide managed service providers (msps) using commandit with centralized visibility into client network organizations/sites, logical network containers, devices (switches, aps, firewalls, mv cameras, mg gateways, mt sensors, etc ), configurations, licenses, and key operational logs including sensor readings and webhook events this integration aims to streamline monitoring, inventory management, documentation, troubleshooting, reporting, and license tracking for these environments managed across multiple clients 1 2 scope in scope secure authentication mechanism using vendor specific api keys or oauth tokens configuration within commandit for msps to manage integrations for different client networks/sites across supported vendors scheduled synchronization of key inventory data organizations/sites, managed networks, devices (switches, aps, firewalls, cameras (basic inventory), gateways (mg) , sensors), configuration templates (meraki), switch port profiles (meraki), licenses synchronization of meraki mt sensor readings, status, and basic health (e g , battery) via api polling real time event ingestion via meraki webhooks for critical mt sensor alerts and mx network/security events synchronization of client connectivity history per device via api polling synchronization of wan uplink performance history (loss/latency) where available via api synchronization of core network configurations vlans, ssids, firewall rules via api polling automated backup and historical tracking of network device configurations via api polling synchronization of key operational logs configuration changes, network events, security events via api polling mapping synced data to relevant commandit schema entities (organizations, managednetworks, devices incl tags, wirelessnetworks, vlans, firewallrules, auditlog, deviceeventlogs, securitythreatevents, deviceconfigurationhistory, externalsystemidentifiers, softwarelicenses, deviceclienthistory, wanlinkperformancelog, merakiconfigurationtemplates, merakiswitchportprofiles, environmentalsensors, environmentalreadings, devicebattery, alerts, etc ) providing data views and reports within commandit based on the synchronized information generating alerts within commandit based on specific events or configuration data retrieved from the apis or received via webhooks out of scope (initial version) configuration push direct modification of configurations via api from commandit real time event streaming via mqtt (for mt data) synchronization of mv sense analytic event data (object counts, motion alerts, etc ) deep traffic analysis detailed historical log storage for wireless health retrieval/storage of video footage from mv cameras deployment/management of custom cv models on mv cameras 1 3 goals provide msps/admins with a single pane of glass for key managed network information across multiple clients and potentially multiple vendors automate the collection of inventory, configuration, status, license, template/profile definitions, sensor readings, and key historical performance/connectivity data via api polling receive and process critical real time alerts for mt sensors and mx devices via webhooks enable proactive alerting based on network events, configuration states, sensor thresholds, and webhook events reduce manual effort required for documenting and monitoring managed networks enhance visibility into network structure, device configurations, applied standards, security events, operational changes, licensing status, client connectivity, wan performance, and environmental conditions establish a foundation for future configuration management and automation capabilities 2\ architecture overview the integration will leverage the specific vendor's dashboard api (e g , meraki api v1) for polling data and webhook infrastructure for receiving real time events connections managed via integrationinstances authentication via api keys or oauth tokens , stored securely scheduled background jobs for api polling based synchronization a dedicated backend endpoint to receive incoming webhook notifications from vendors like meraki sync jobs and webhook processors will populate commandit schema tables error handling and logging for both sync jobs and webhook processing api rate limits handled gracefully for polling jobs 3\ msp setup & configuration 3 1 api key/credential generation & security (guidance) provide clear guidance per supported vendor on generating api keys/credentials using dedicated service accounts with least privilege read only permissions emphasize secure storage 3 2 secure key/credential storage implement secure storage for api keys/tokens linked to integrationinstances via credentials/credentialusage 3 3 managing integrations implement backend api (crud) for vendor specific integrationinstances integration instance creation requires link to commandit client organization (org id), integration type (e g , 'merakiapi'), user defined name, link to stored credential id (msp's api key) initial status should be 'pendingconfig' organization mapping ui (within integration instance detail/edit screen) provide a button "discover/refresh accessible organizations" action triggers backend call using the linked credential id to get /organizations (or vendor equivalent) display shows a list/dropdown of organizations returned by the api (name, external id) action msp user selects the specific external organization from the list that corresponds to the commandit client organization this integrationinstance is linked to action upon selection, save the chosen external organization id to the integrationinstances external organization id field update status from 'pendingconfig' to 'ok' (if connection test also passes) webhook receiver configuration display the unique commandit endpoint url for the vendor's webhook configuration allow configuration of a shared secret for validating incoming webhooks (if supported by vendor) potentially allow enabling/disabling webhook processing for the instance api connection test include function to verify api key and basic access to the mapped external organization id 4\ client setup & configuration (vendor dashboard permissions & webhooks) msp admin account (whose api key is used) needs necessary read only permissions in the vendor dashboard for the specific client organization mapped in task 3 3 msp must configure webhook destinations within the vendor platform (e g , meraki dashboard > network wide alerts > http servers) pointing to the url provided by commandit (from task 3 3) and using any required shared secret 5\ backend data synchronization & event processing 5 1 sync job architecture (api polling) scheduled background jobs per active ('ok' status) vendor specific integrationinstance jobs retrieve the target external organization id from the integrationinstance record jobs use stored api credentials associated with the instance different schedules possible for inventory vs logs vs performance data 5 2 api calls & data mapping (read sync vendor api > commandit) (api calls are scoped using the mapped external organization id meraki examples used where applicable) organizations/sites get /organizations > externalsystemidentifiers, organizations (map external organization id during setup task 3 3) optionally sync other org details networks (logical containers) get /organizations/{external organization id}/networks > managednetworks devices (incl mv cameras, mt sensors, mg gateways) get /organizations/{external organization id}/devices, get /networks/{networkid}/devices, get /devices/{serial} > upsert devices map properties including tags store vendor device id in externalsystemidentifiers link devices managed network record id (for mv/mt/mg, ensure basic inventory fields like model, serial, status, firmware are mapped) device status get /organizations/{external organization id}/devices/statuses > update devices status management interface get /devices/{serial}/managementinterface > update devicenetworkadapters or devices configuration vlans get /networks/{networkid}/appliance/vlans > populate vlans wireless ssids get /networks/{networkid}/wireless/ssids/{number} > populate wirelessnetworks store associated fw rules in firewallrules firewall rules get /networks/{networkid}/appliance/firewall/ rules > populate firewallrules configuration backups get /networks/{networkid}/devices/{serial}/configuration > populate deviceconfigurationhistory configuration changes log get /organizations/{external organization id}/configurationchanges > populate auditlog network events log get /networks/{networkid}/events > populate deviceeventlogs security events log get /networks/{networkid}/appliance/security/events > populate securitythreatevents vendor licenses get /organizations/{external organization id}/licenses > populate softwarelicenses client connectivity history get /devices/{serial}/clients > populate deviceclienthistory wan uplink performance history get /organizations/{external organization id}/uplinkslossandlatency or /devices/{serial}/lossandlatencyhistory > populate wanlinkperformancelog meraki configuration templates get /organizations/{external organization id}/configtemplates > populate merakiconfigurationtemplates meraki switch port profiles get /networks/{networkid}/switch/settings/profiles > populate merakiswitchportprofiles update networkdeviceports meraki mt sensor readings & health get /networks/{networkid}/sensors/readings/latest, /history define sensors in environmentalsensors (incl thresholds based on api data or defaults) populate environmentalreadings with history update environmentalsensors last reading value, last reading time, status query sensor health endpoints (if available) to update devicebattery level percentage, devicebattery status, and devices status (for connectivity) meraki mv snapshots (optional/out of scope for v1) if triggering/retrieving snapshots post /devices/{serial}/camera/generatesnapshot, store url/link potentially in attachments (deferred/out of scope logs) traffic analysis, wireless health stats, mv analytic events 5 3 webhook event ingestion & processing webhook receiver endpoint implement a secure backend http endpoint to receive post requests from vendor webhooks (e g , /api/webhooks/meraki/{integrationinstanceid}) authentication/validation validate incoming requests using the shared secret configured in the integrationinstance (if applicable) or other vendor specific validation methods event parsing parse the json payload of the webhook request to identify the event type (e g , mt sensor threshold violation, mx security event, device status change), affected network/device identifiers, timestamp, and relevant details data mapping & action for critical alerts (mt threshold exceeded, mx security event) create or update records in the commandit alerts table, linking to the appropriate device or environmentalsensor for status changes or network events create records in deviceeventlogs or update devices status for sensor readings pushed via webhook update environmentalsensors last reading value/status and potentially create environmentalreadings entries error handling log errors during webhook processing (parsing failures, mapping issues) implement retries if appropriate for transient errors security ensure the webhook receiver endpoint is protected against abuse (e g , rate limiting, input validation) 5 4 error handling & throttling (api polling) implement robust error handling for vendor specific api errors log errors against integrationinstances implement vendor specific rate limit handling (e g , meraki's 10 calls/sec/org) 6\ configuration monitoring develop engine to periodically query vendor apis for specific configurations based on compliancerules implement comparison logic against desired state create/update devicecomplianceresults trigger alerts via alertprocessingrules 7\ configuration push (future scope read only initially) future goal allow triggering configuration changes via vendor apis required api calls vendor specific put/post/delete endpoints schema support use configurationdeploymentlog table to track actions permissions will require api keys/credentials with write permissions 8\ security considerations api key/token security secure storage via credentials/credentialusage recommend least privilege service accounts webhook security use shared secrets for validation protect the receiver endpoint audit logging log all sync activities, webhook processing events , api calls, errors, config checks in auditlog 9\ data mapping summary (example vendor agnostic, meraki detail) vendor api concept / meraki endpoint key property commandit table(s) key commandit columns organization/site / get /organizations id, name externalsystemidentifiers, organizations external identifier value, target entity id, name network / get / /networks id, name, producttypes, timezone managednetworks managed network record id, external network id, name, platform type='meraki', platform specific config device / get /devices/{serial} serial, name, model, mac, tags, firmware devices, externalsystemidentifiers serial number, name, model number, mac address (adapter), tags, firmware version, external identifier value device status / get / /statuses status devices status vlans / get / /vlans id, name, subnet, applianceip vlans vlan id (mapped), name, subnet, gateway wireless ssids / get / /ssids/{num} name, enabled, authmode, psk, etc wirelessnetworks name, is enabled, authentication mode, encryption mode, psk firewall rules / get / /firewall/rules policy, protocol, src/dest, etc firewallrules action, protocol, source ip, dest ip, etc config backup / get / /configuration configuration text deviceconfigurationhistory config content config change log / get / /configchanges ts, adminname, label, oldvalue, newvalue auditlog timestamp, actor display name, event action, details network event log / get / /events occurredat, type, description deviceeventlogs timestamp, event type, message security event log / get / /security/events ts, eventtype, srcip, destip securitythreatevents timestamp, event type, source ip, destination ip licenses / get / /licenses state, devicecount, expirationdate softwarelicenses status, quantity purchased, expiry date, license type='merakicoterm' client history / get / /clients mac, ip, description, firstseen, lastseen, usage deviceclienthistory client mac, first seen timestamp, last seen timestamp, usage sent/received bytes wan performance / get / /losslatency startts, endts, losspercent, latencyms wanlinkperformancelog log timestamp utc, loss percent, latency ms config templates / get / /configtemplates id, name, producttypes merakiconfigurationtemplates template id, name, product types switch port profiles / get / /profiles id, name, config details merakiswitchportprofiles profile id, name, profile data mt sensor readings / get / /sensors/readings ts, serial, metric, value environmentalreadings, environmentalsensors, devicebattery reading timestamp, reading value, sensor id (linked via serial/label), battery level percentage webhook events varies alerts, deviceeventlogs, environmentalreadings, etc mapped based on event type 10\ future considerations implement configuration push capabilities (section 7) expand webhook support to cover more event types or vendors beyond critical mt/mx alerts tasks this document outlines the detailed backend tasks required to implement the network vendor api integration (using meraki as the primary example) as specified in meraki integration spec v1 (v1 5 read only + webhooks), assuming a typescript environment with postgresql/orm access phase 1 core setup & configuration backend task 1 1 implement/verify schema migrations context ensure database structure supports meraki/network vendor integration action create/verify migration scripts for managednetworks, merakiconfigurationtemplates, merakiswitchportprofiles, deviceclienthistory, wanlinkperformancelog, environmentalsensors, environmentalreadings, configurationdeploymentlog (for future use), and ensure necessary fks/fields exist on integrationinstances, devices, networkdeviceports, credentials, auditlog, deviceeventlogs, securitythreatevents, softwarelicenses output database schema matching specification success criteria migrations run successfully; schema introspection confirms tables/fields/constraints/indexes config level platform/deployment task 1 2 secure credential storage for api keys context securely store the msp's meraki api key(s) or other vendor credentials (msp level config) action implement logic to store api keys securely, using the credentials table (credential type='merakiapikey', 'arubaapikey', etc ) with robust encryption (e g , using platform level encryption keys) or integrate with an external vault implement strict access control for retrieval functions input api key string, credential name, associated msp org id output securely stored credential record linked to the msp org id schema interaction credentials (write), organizations (read msp org id) success criteria api keys stored encrypted; retrieval function secured and audited task 1 3 manage network vendor integration instances context allow msps to configure integration for each client's network vendor instance (e g , a specific meraki organization) (org/client level config instance, managed by msp) action implement backend restful api endpoints (crud) for integrationinstances required fields on create commandit client org id, integration type (e g , 'merakiapi'), name, credential id (linking to the msp's stored key from task 1 2) set initial status to 'pendingconfig' update allows modifying name, is enabled, credential id, configuration jsonb delete removes the instance enforce authorization (msp user needs rights for the client org id) input instance details (org id, type, name, credential id) output created/updated/deleted integrationinstances record schema interaction integrationinstances (crud), credentials (read link), organizations (read) success criteria api endpoints function; data persisted; authorization enforced task 1 4 implement meraki org discovery & mapping backend logic context allow msps to link a commandit client org to the correct meraki organization accessible via their api key (msp action within org/client level config setup) action create backend api endpoint (e g , get /api/integrations/meraki/discoverorgs?credentialid= ) logic uses credential id to fetch api key, calls meraki get /organizations via meraki api client wrapper, returns list (meraki org id, name) create backend api endpoint (e g , put /api/integrationinstances/{instanceid}) to receive the selected external organization id (meraki org id) from the ui logic saves this id to the specified integrationinstances record and attempts to update status from 'pendingconfig' to 'ok' (potentially after running connection test task 1 6) input credential id (for discovery), instanceid and selected external organization id (for saving) output list of meraki orgs (for discovery), updated integrationinstances record (for saving) api interaction meraki get /organizations schema interaction integrationinstances (update external organization id, status), credentials (read) success criteria accessible meraki orgs listed; selected meraki org id saved correctly to the client's integrationinstance task 1 5 implement webhook receiver endpoint setup context provide necessary info and storage for vendor webhook configuration (org/client level config) action backend logic to generate a unique, persistent webhook url per integrationinstance (e g , /api/webhooks/{vendor}/{instanceid} or using a unique token stored on the instance) implement api endpoints for ui to retrieve this url and to set/get a shared secret (store securely, e g , encrypted in integrationinstances configuration or linked credentials) input instanceid for setting secret shared secret string output webhook url, stored shared secret schema interaction integrationinstances (read/write configuration or link to credentials) success criteria unique url generated; shared secret stored securely; ui retrieves necessary info task 1 6 implement api connection test endpoint context verify api key validity and access to the mapped external org/site (org/client level config check) action implement backend api endpoint post /api/integrationinstances/{instanceid}/test logic retrieves instanceid, its credential id, and mapped external organization id uses meraki api client wrapper (task 2 1) to call a basic read endpoint scoped to the org (e g , meraki get /organizations/{external organization id}/networks) output json { success boolean, message string } indicating success or specific error (auth failed, org not found, permission denied) success criteria endpoint accurately reflects api key validity and access to the mapped external org phase 2 authentication & api client task 2 1 develop network vendor api client wrapper (e g , merakiapiclient) context create a reusable typescript client for vendor api interactions action develop class takes api key, base url implements methods for get/post/put/delete automatically adds vendor specific headers (e g , x cisco meraki api key) implements pagination logic (e g , meraki link headers) implements rate limit handling (detect 429, respect retry after, exponential backoff, track calls per org id for meraki's limit) parses common api errors libraries axios or similar success criteria wrapper simplifies calls; handles auth, pagination, errors, rate limiting per vendor specifics unit test(s) mock successful calls mock pagination responses mock 429 responses (with/without retry after) mock 401/403/404 errors verify correct headers are added verify rate limit logic pauses/retries appropriately phase 3 core inventory sync (read vendor api) task 3 1 sync job framework context orchestrate periodic data synchronization per integration instance action utilize/adapt a generic sync job scheduler/queue (e g , bullmq) create job definitions for meraki (and other vendors) jobs target active integrationinstances based on integration type retrieve the target external organization id and credential id for each job run update integrationinstances status/timestamps/errors schema interaction integrationinstances (read config, update status) success criteria vendor specific sync jobs scheduled and executed reliably per tenant task 3 2 implement network sync context sync logical network containers (meraki networks, unifi sites, etc ) action create sync job task use api client wrapper to call vendor equivalent of get /organizations/{orgid}/networks perform upsert into managednetworks based on external network id and integration instance id map id, name, timezone, tags store vendor specific details (meraki producttypes, templateid) in platform specific config set network platform type update last sync time schema interaction managednetworks (upsert), integrationinstances (read) success criteria managednetworks table accurately reflects containers for the client org task 3 3 implement device synchronization context sync devices (mx, ms, mr, mv, mt, mg for meraki; switches/aps/gateways for others) action create sync job task use api client to call vendor equivalent of get /organizations/{orgid}/devices or /networks/{netid}/devices get details via /devices/{serial} or equivalent perform upsert into devices based on serialnumber (or other reliable unique id) and org id map properties name, model >model number, mac >primary devicenetworkadapters, lanip >ip address, tags >tags, firmware >firmware version, status >status set manufacturer id store vendor device id/serial in externalsystemidentifiers link devices managed network record id using network id from api response update last sync time schema interaction devices (upsert), manufacturers (read), managednetworks (read), devicenetworkadapters (upsert), externalsystemidentifiers (upsert) success criteria devices table accurately reflects vendor device inventory; links to network and external ids created task 3 4 implement device status sync context keep device operational status up to date (potentially more frequent sync) action create sync job task fetch vendor equivalent of get /organizations/{orgid}/devices/statuses update devices status field based on the result for each device schema interaction devices (update) success criteria devices status reflects current vendor status phase 4 detailed configuration sync (read vendor api) task 4 1 implement management interface sync fetch vendor equivalent of get /devices/{serial}/managementinterface update corresponding devicenetworkadapters record or store relevant details in devices configuration unit test(s) verify data correctly updates devicenetworkadapters or devices configuration task 4 2 implement vlan sync fetch vendor equivalent of get /networks/{netid}/ /vlans upsert into vlans table linked to org id or managednetworks unit test(s) verify vlans records created/updated correctly task 4 3 implement wireless ssid sync fetch vendor equivalent of get /networks/{netid}/wireless/ssids/{num} upsert into wirelessnetworks map settings (auth, encryption, psk ref, vlan id) store associated firewall rules (if applicable and returned with ssid) in firewallrules linked to wirelessnetworks unit test(s) verify wirelessnetworks created/updated verify associated firewallrules created/updated if applicable task 4 4 implement firewall rule sync fetch vendor equivalent of get /networks/{netid}/appliance/firewall/ rules upsert into firewallrules linked to the firewall device map rule details unit test(s) verify firewallrules created/updated, linked correctly to the firewall device task 4 5 implement config backup sync periodically fetch vendor equivalent of get /devices/{serial}/configuration create new deviceconfigurationhistory records with timestamp, type, and content implement logic to avoid storing unchanged configs if desired unit test(s) verify deviceconfigurationhistory records created test change detection logic (if implemented) task 4 6 implement meraki template sync fetch get /organizations/{orgid}/configtemplates upsert into merakiconfigurationtemplates update managednetworks platform specific config with templateid for bound networks unit test(s) verify merakiconfigurationtemplates created/updated verify managednetworks updated correctly for bound networks task 4 7 implement meraki switch profile sync fetch get /networks/{netid}/switch/settings/profiles (or equivalent) upsert into merakiswitchportprofiles update networkdeviceports applied switch profile id based on data retrieved from switch port configuration sync (which might be part of task 3 3 device detail fetch or a separate port detail sync task) unit test(s) verify merakiswitchportprofiles created/updated verify networkdeviceports fk is updated correctly when port config sync runs phase 5 log & performance data sync (read vendor api) task 5 1 implement config changes log sync fetch vendor equivalent of get /organizations/{orgid}/configurationchanges create auditlog entries (source='vendorapi', e g , 'merakiapi') implement checkpointing (using timestamps or pagination tokens) to avoid fetching old logs repeatedly unit test(s) verify auditlog entries created with correct source/details test checkpointing logic task 5 2 implement network events log sync fetch vendor equivalent of get /networks/{netid}/events create deviceeventlogs entries (source='vendorapi') implement checkpointing/filtering unit test(s) verify deviceeventlogs entries created, linked to devices test checkpointing/filtering task 5 3 implement security events log sync fetch vendor equivalent of get /networks/{netid}/appliance/security/events create securitythreatevents entries (source='vendorapi') implement checkpointing/filtering unit test(s) verify securitythreatevents entries created, linked to devices test checkpointing/filtering task 5 4 implement license sync fetch vendor equivalent of get /organizations/{orgid}/licenses upsert softwarelicenses record(s) for the org (license type='vendorspecific') map status, counts, expiry unit test(s) verify softwarelicenses created/updated correctly reflecting meraki co term or other vendor models task 5 5 implement client connectivity history sync fetch vendor equivalent of get /devices/{serial}/clients create/update deviceclienthistory implement pagination/timespan logic implement data retention/cleanup strategy unit test(s) verify deviceclienthistory records created/updated test pagination/timespan logic task 5 6 implement wan uplink performance sync fetch vendor equivalent of /lossandlatencyhistory endpoints create wanlinkperformancelog entries handle pagination/timespans implement data retention/cleanup unit test(s) verify wanlinkperformancelog records created test pagination/timespan logic phase 6 mt sensor sync (read meraki api) task 6 1 implement mt sensor reading sync fetch meraki /sensors/readings/latest & /history perform upsert on environmentalsensors (match by serial, define sensor type/label/units/thresholds) populate environmentalreadings with history update environmentalsensors latest reading/status unit test(s) verify environmentalsensors created/updated verify environmentalreadings populated test status update based on thresholds task 6 2 implement mt sensor health sync query meraki api for sensor health (battery, connectivity) update devicebattery and devices status for the mt sensor device record unit test(s) verify devicebattery and devices status updated correctly phase 7 webhook event processing task 7 1 implement webhook receiver endpoint create secure http post endpoint (e g , /api/webhooks/meraki/{instanceid}) ensure it can handle vendor json payloads unit test(s) test endpoint receives post requests successfully test routing based on instance id/token task 7 2 implement webhook validation implement validation using shared secret stored for the integrationinstance reject requests with invalid secrets unit test(s) test valid secret allows processing test invalid secret results in rejection (e g , 401/403 response) task 7 3 implement webhook event parser develop logic to parse different meraki webhook event types (mt alerts, mx events, device status, etc ) identified in the payload unit test(s) test parsing logic for various known meraki webhook payload formats handle unknown formats gracefully task 7 4 implement webhook data mapping map parsed webhook data to create/update records alerts (critical events), deviceeventlogs (network events), environmentalreadings/environmentalsensors (mt readings/thresholds), devices status queue actions for backend processing unit test(s) test mapping logic creates/updates the correct records in the database based on different webhook event types phase 8 configuration monitoring & alerting task 8 1 implement configuration check engine develop scheduled service reads compliancerules targeting vendor configs (e g , 'meraki') queries synced data (deviceconfigurationhistory, wirelessnetworks, firewallrules, meraki tables) unit test(s) test engine identifies relevant rules and queries correct schema tables task 8 2 implement comparison logic implement comparison between actual state (from schema) and desired state in compliancerules unit test(s) test comparison logic identifies compliant/non compliant states correctly task 8 3 implement devicecomplianceresults logging create/update devicecomplianceresults based on comparison outcomes unit test(s) verify devicecomplianceresults records created/updated accurately task 8 4 implement alerting integration develop logic for alertprocessingrules to evaluate results or critical webhook events/polled logs and create alerts unit test(s) test rule evaluation triggers alerts correctly phase 9 cross cutting concerns task 9 1 centralized audit logging ensure all sync operations, api calls, errors, webhook processing, config checks are logged to auditlog with appropriate context (source platform='merakiapi', etc ) unit test(s) verify key actions generate expected auditlog entries task 9 2 error handling framework implement consistent error handling (try/catch, custom error types) for api calls and webhook processing update integrationinstances status/error messages integrate with queue retry logic unit test(s) simulate api/processing errors; verify they are caught, logged, and instance status updated task 9 3 throttling implementation implement and test meraki specific rate limit handling (10 calls/sec/org) in the meraki client wrapper (task 2 1) add monitoring for 429 errors unit test(s) mock 429 responses; verify client wrapper waits/retries correctly according to meraki limits task 9 4 security implementation ensure secure fetching/handling of api keys validate webhook shared secrets review code for security best practices unit test(s) test credential storage/retrieval security test webhook validation logic code reviews are primary verification
