Security Best Practices

Guidelines for keeping your API keys and data secure.

API Key Security

Do:

  • Store keys in environment variables
  • Use secret management services (AWS Secrets Manager, HashiCorp Vault)
  • Use different keys for different environments
  • Rotate keys regularly
  • Set expiration dates on keys

Don't:

  • Commit keys to version control
  • Share keys in chat or email
  • Hardcode keys in source code
  • Use keys in client-side code
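One way to enforce several of the points above at application start-up, as an added example that is not part of the original page or any vendor SDK. The variable names (`EXAMPLE_API_KEY_<ENV>`, `EXAMPLE_API_KEY_<ENV>_EXPIRES`), the environment names and the sample values are assumptions made for illustration.

```python
import hashlib
import os
from datetime import date

ENVIRONMENTS = ("DEV", "STAGING", "PROD")  # assumed environment names
PREFIX = "EXAMPLE_API_KEY_"                # hypothetical variable prefix
# Constructed sample configuration (not real keys).
SAMPLE_ENV = {
    "EXAMPLE_API_KEY_DEV": "dev-constructed-0001",
    "EXAMPLE_API_KEY_DEV_EXPIRES": "2999-01-01",
    "EXAMPLE_API_KEY_PROD": "prod-constructed-0002",
    "EXAMPLE_API_KEY_PROD_EXPIRES": "2000-01-01",
}

class KeyConfigError(RuntimeError):
    """Raised when the key configuration violates one of the guidelines."""

def fingerprint(key):
    """Short, non-reversible identifier that is safe to write to logs."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]

def load_api_key(env, environ=None, today=None):
    """Return the key for `env`, or raise KeyConfigError if it is unusable."""
    environ = os.environ if environ is None else environ
    today = today or date.today()
    env = env.upper()
    if env not in ENVIRONMENTS:
        raise KeyConfigError(f"unknown environment {env!r}")
    key = environ.get(PREFIX + env, "").strip()
    if not key:
        raise KeyConfigError(f"{PREFIX}{env} is not set")
    # Expiry is mandatory: a key with no expiration date is rejected.
    expires_raw = environ.get(f"{PREFIX}{env}_EXPIRES")
    if not expires_raw:
        raise KeyConfigError(f"{PREFIX}{env}_EXPIRES is not set")
    try:
        expires = date.fromisoformat(expires_raw)
    except ValueError:
        raise KeyConfigError(f"{PREFIX}{env}_EXPIRES is not an ISO date") from None
    if expires <= today:
        raise KeyConfigError(f"key {fingerprint(key)} expired on {expires}")
    # One key must not serve two environments.
    for other in ENVIRONMENTS:
        if other != env and environ.get(PREFIX + other, "").strip() == key:
            raise KeyConfigError(f"key {fingerprint(key)} is reused for {other}")
    return key
```

Error messages carry only the key's fingerprint, so a failed start-up never writes the key itself to logs.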

Data Protection

All API requests are encrypted in transit using HTTPS. We never store your API keys in plaintext.

See Data Protection for more information.

If Your Key is Compromised

  1. Immediately revoke the compromised key in your dashboard
  2. Create a new API key
  3. Update your applications with the new key
  4. Monitor audit logs for suspicious activity