Managing API key secrets

You can rotate, disable, or delete an API key secret without affecting other API key secrets in the same lineage. This helps you avoid service disruptions during secret updates, provide fine-grained access to teams, and quickly revoke access if an API key secret is no longer required or has been compromised.

Rotating API key secret

As an API key secret approaches its expiration, you can rotate the API key, which generates a new secret with a new expiration date without invalidating the previous secret. Rotation allows you to replace the API key secret wherever necessary while avoiding service disruption.

An API key can have only two secrets associated with it at a time. If necessary, disable and delete an existing secret before generating a new one.

Before you begin

  • You must have the Manage API keys permission enabled.

Procedure

  1. Click the User Settings icon and select Users & teams.
  2. Click the API keys tab.
  3. For the API key that you want to edit, click the options menu, then click Manage key secrets.
  4. Do one of the following:
    • If the API key has one secret, click Rotate secret. The existing secret remains active until it expires or you disable it.
    • If the API key has two secrets, disable and delete one secret, even if it is active, and then click Rotate secret.
  5. When prompted, click Rotate secret again to confirm.
  6. Record the secret in a secure password manager or key vault.
Warning: Copy the API key secret before you close the window or navigate away from the page. You cannot retrieve the secret later.

Result

A new API key secret is generated with a new expiration date. The secret ID and expiration date are displayed in the Manage key secrets option for the API key.

Deleting API key secret

To delete an API key secret, you must first disable it. Disabling a secret immediately invalidates the secret, so it cannot be used to authenticate API requests. You can disable and delete an API key secret at any time.

Ensure the API key secret is not in use before disabling and deleting it. If necessary, you can rotate the API key secret to generate a new one without invalidating the previous secret.

CAUTION: Deleting all secrets associated with an API key will permanently delete the API key and interrupt existing integrations. To avoid service disruptions, rotate the API key secret instead of creating a new API key.

Before you begin

  • You must have the Manage API keys permission enabled.

Procedure

  1. Click the User Settings icon and select Users & teams.
  2. Click the API keys tab.
  3. For the API key that you want to edit, click the options menu, then click Manage key secrets.
  4. Use the toggle to disable the API key secret you want to delete.
  5. When prompted, confirm that you want to disable the API key secret.
  6. After the secret is disabled, click Delete secret.
  7. When prompted, confirm the deletion.
  8. Click Delete.

Result

The API key secret is deleted.
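
The following pre-flight check is an added example, not code from the product or its documentation. It applies the rules above (at most two secrets per key, disable before delete, deleting the last secret deletes the API key) to a secret inventory you keep yourself. The Secret record, its last_used field, and the warn_days and idle_days thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_SECRETS = 2  # from the page: an API key can have only two secrets at a time

@dataclass
class Secret:                   # hypothetical record kept by the operator
    secret_id: str
    expires: date
    enabled: bool
    last_used: Optional[date]   # assumed to come from your own usage logs

def in_use(s, today, idle_days=7):
    """A secret counts as in use if it is enabled and was used recently."""
    return (s.enabled and s.last_used is not None
            and (today - s.last_used).days < idle_days)

def delete_check(secrets, secret_id):
    """Return 'ok' or the reason the delete must not proceed."""
    target = next(s for s in secrets if s.secret_id == secret_id)
    if len(secrets) == 1:
        return "refuse: deleting the last secret deletes the API key"
    if target.enabled:
        return "refuse: disable the secret before deleting it"
    return "ok"

def plan_rotation(secrets, today, warn_days=14, idle_days=7):
    """Return the ordered UI actions for one API key, or [] if none are due."""
    live = [s for s in secrets if s.enabled and s.expires > today]
    # A live secret that expires beyond the warning window means rotation
    # has already happened; nothing to do for this key.
    if any((s.expires - today).days > warn_days for s in live):
        return []
    if len(secrets) < MAX_SECRETS:
        return ["rotate"]
    # Two secrets: one must go first. Prefer a disabled one, then the
    # earliest expiry, and never pick a secret that is still in use.
    ranked = sorted(secrets, key=lambda s: (s.enabled, s.expires))
    victim = next((s for s in ranked if not in_use(s, today, idle_days)), None)
    if victim is None:
        return ["blocked: both secrets still in use"]
    steps = [f"disable {victim.secret_id}"] if victim.enabled else []
    return steps + [f"delete {victim.secret_id}", "rotate"]
```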