Developer Portal Service — Service Risk Register
Version: 1.0 Status: Draft Owner: Product + Developer Relations (DevRel) Last Updated: 2026-04-20
1. Intent
Track known risks for the Developer Portal — adoption, security, operational, regulatory — with owner and mitigation.
2. Risks
R1 — Verify abuse drives unbounded SMS spend
- Owner: DevRel + Trust & Safety. TBD
- Likelihood: medium · Impact: high · Mitigation: per-recipient + per-tenant + daily-spend caps;
fraud-intel-serviceintegration; alerting on cap hits.
R2 — SDK version skew across languages
- Owner: DevRel. TBD
- Likelihood: medium · Impact: medium · Mitigation: atomic-tag release pipeline; partial-release auto-issue; SDK contract tests.
R3 — Code-snippet generator emits insecure samples
- Owner: DevRel + Security. TBD
- Likelihood: low · Impact: high · Mitigation: snippet templates code-reviewed; CI runs each snippet against sandbox; AI restricted to prose only.
R4 — Sandbox confused with production by tenants
- Owner: DevRel. TBD
- Likelihood: medium · Impact: medium · Mitigation: distinct base URL; UI banner; key prefix differs (
sk_sand_vssk_live_).
R5 — Documentation stale relative to API
- Owner: DevRel. TBD
- Likelihood: medium · Impact: high · Mitigation: OpenAPI is single source of truth; CI fails on spec drift.
R6 — Mobile SDK fails Apple/Google review
- Owner: DevRel + Mobile. TBD
- Likelihood: low · Impact: medium · Mitigation: internal-track distribution before public release; test devices for both platforms.
R7 — Localised content (Pashto/Dari) misrepresents API behaviour
- Owner: DevRel + native-speaker reviewers. TBD
- Likelihood: medium · Impact: medium · Mitigation: human review of every translation; banner on machine-translated pages.
R8 — Adversary uses Verify as enumeration oracle
- Owner: Security. TBD
- Likelihood: medium · Impact: medium · Mitigation: uniform response timing; per-recipient cap; do not leak whether a recipient exists.