# Share diagnostics

Canonical: https://docs.flowrelay.app/recover/diagnostics/
Markdown: https://docs.flowrelay.app/recover/diagnostics.md

Diagnostics shares let operators share evidence without copying raw event bodies, secrets, or private Shopify material.

## Recovery steps
Complete these checks before executing a recovery action.
1. Open the event, endpoint, or receipt that needs support.
2. Choose diagnostics and preview the generated package before sharing.
3. Confirm the share contains redacted setup facts, receipt facts, support codes, and recovery context.
4. Confirm it excludes raw event bodies, endpoint secrets, authentication headers, HMAC values, Shopify tokens, sessions, database URLs, and customer data.
5. Share the diagnostics ID or package only after explicit approval, then use that frozen package for follow-up.

## What diagnostics include
Diagnostics shares are designed for partner and support collaboration without widening access.


- Included: Receipt facts, endpoint state, support codes, retention state, replay availability, and recovery guidance; Excluded: Raw event bodies, full authentication headers, signing secrets, static header values, Shopify tokens, sessions, database URLs, and customer data
- Included: Redacted setup context and support summaries; Excluded: Copied merchant incidents, private screenshots, full partner logs, or real payload examples

## Preview before sharing
Always preview the share before sending it. Share the diagnostics ID or frozen redacted support summary only after the merchant or operator approves it.


## When diagnostics help
Use diagnostics when a sender owner, setup partner, authorized agent, or FlowRelay support needs evidence but should not receive raw event bodies.


## Related
- [Work with support](https://docs.flowrelay.app/recover/support-signals.md)
- [Read receipts](https://docs.flowrelay.app/operate/receipts.md)
- [Authenticate requests](https://docs.flowrelay.app/setup/authentication.md)

## Safety Boundary
Do not include raw event bodies, endpoint secrets, authentication headers, HMAC values, Shopify tokens, Shopify sessions, database URLs, customer data, merchant incidents, or copied private logs in public examples.