# Work with a partner without sharing secrets Canonical: https://docs.flowrelay.app/use-cases/share-diagnostics-with-partner/ Markdown: https://docs.flowrelay.app/use-cases/share-diagnostics-with-partner.md Use this path when another team needs to help investigate an event, but the merchant should not copy private request data into chat, tickets, or screenshots. ## Who this helps This is for setup partners, sender owners, and support teams that need to resolve the setup or handoff issue without receiving secrets, raw event bodies, or customer data. ## What the partner gets The partner gets redacted receipt facts, endpoint state, support codes, retention and replay context, and a redacted support summary that can be discussed without widening access. ## What stays private Do not share raw event bodies, full authentication headers, signing secrets, tokens, sessions, database URLs, customer records, or copied private incidents. ## Typical path A typical path starts from the scenario, then moves into setup and verification. 1. Agree on the question the partner needs to answer, such as whether the sender used the right URL, sent valid JSON, mapped the expected ID, or reached Shopify Flow. 2. Open the FlowRelay receipt or endpoint that anchors the investigation. 3. Preview the diagnostics share and check that it contains redacted setup facts, support codes, receipt context, and recovery guidance. 4. Confirm that the share excludes raw event bodies, full authentication headers, endpoint secrets, HMAC values, Shopify tokens, sessions, and customer data. 5. Share the diagnostics ID or redacted support summary only after the merchant or operator approves it. 6. Keep the follow-up tied to the frozen diagnostics share instead of pasting private logs into another tool. ## Related - [Share diagnostics](https://docs.flowrelay.app/recover/diagnostics.md) - [Read receipts](https://docs.flowrelay.app/operate/receipts.md) - [Authenticate requests](https://docs.flowrelay.app/setup/authentication.md) ## Safety Boundary Do not include raw event bodies, endpoint secrets, authentication headers, HMAC values, Shopify tokens, Shopify sessions, database URLs, customer data, merchant incidents, or copied private logs in public examples.