Managing API Keys

Key List

View all your API keys:

1. Navigate to Settings → API Keys
2. See a list of all created keys
3. View key name and creation date
4. See last used timestamp (if available)
5. Identify active and expired keys

Key Rotation

Rotate API keys for security:

1. Create a new API key with the same name (add version number)
2. Update your application with the new key
3. Test the new key to ensure it works
4. Delete the old API key
5. Monitor for any issues

Best Practice: Rotate API keys every 90 days or immediately if you suspect compromise.

Key Revocation

Revoke API keys when compromised or no longer needed:

1. Navigate to Settings → API Keys
2. Find the key you want to revoke
3. Click "Delete" or "Revoke"
4. Confirm the deletion
5. Key is immediately invalidated

Revoked keys cannot be restored. Create a new key if you need access again.

Key Usage Tracking

Monitor API key usage:

• Last Used: Timestamp of last API request using the key
• Usage Count: Total number of requests (if tracking enabled)
• Access Logs: Review detailed access logs in audit trail
• Suspicious Activity: Monitor for unusual usage patterns

Regularly review key usage to detect unauthorized access or compromised keys.