TablelistPro Logo

Integrations

Integration security and your data

2 min read

TablelistPro connects to the tools you choose. Your vendor credentials stay yours, your venue data stays yours, and we treat integration secrets with the same care we'd want for our own.

For setup basics, see Adding Integrations.

Your credentials

  • You create them. API keys, OAuth tokens, and client secrets come from Stripe, Mailchimp, Toast, and other vendors — not from TablelistPro. We store only what's needed to run the connection you set up.
  • You control rotation. Revoke or rotate a key in the vendor system anytime, then update the integration in TablelistPro. Leave a secret field blank when editing if you want to keep the existing value.
  • Different from Developer API keys. Settings → Developers → API Keys are TablelistPro REST keys for your apps and scripts. Integrations use third-party credentials (Stripe, Mailchimp, etc.). They're separate on purpose.

How TablelistPro handles secrets

  • Encrypted at rest — integration secrets are stored as ciphertext, not plain text in our database.
  • Never shown again after save — once you save an API key or token, TablelistPro doesn't send it back to the app. You'll see a masked field and a note that a value is configured.
  • Staff permissions — only team members with the right organization permissions can view or edit integrations.

Inbound webhooks (for example Billfold) use URLs we host; the vendor signs each request and TablelistPro verifies the signature before processing.

Your data

  • It's your business data. Customers, reservations, tickets, and venue settings in TablelistPro belong to you.
  • Integrations act on your instructions. When you connect Mailchimp, Insightly, or a POS, we sync or read data you authorize — we don't resell it or use it for unrelated purposes.
  • Privacy policy — see Account Settings for our privacy policy link.

What we recommend

  • Use a dedicated API key per integration when the vendor allows it.
  • Limit who can access SettingsIntegrations and SettingsDevelopers in staff permissions.
  • Disable or delete integrations you no longer use, and revoke the vendor key on their side.

Need a hand? Reach out to your Tablelist rep or support — we're happy to walk through security questions.