Skip to main content
How to Rotate API Keys

Enhancing Security: The Importance of API Key Rotation

Updated over a year ago

Your account API Keys

Veryfi assigns one set of API Keys to each company account.

Your account API Keys can be found in Keys section, just navigate to Settings>Keys.

What is API Key rotation?

API key rotation is the practice of changing or updating API keys used for authentication and authorization purposes. It is a security measure aimed at reducing the risk associated with long-lived or compromised API keys.

API key rotation is crucial for maintaining the security and integrity of systems, protecting sensitive data, and mitigating the risks associated with unauthorized access or key compromise.

Why is API Key rotation important?

Regularly rotating API keys helps to mitigate the risk of unauthorized access and potential data breaches. If an API key falls into the wrong hands, it could be used to gain unauthorized access to sensitive data or perform malicious actions on behalf of the key owner.

In many industries, compliance standards and regulatory frameworks require organizations to implement security measures, including regular key rotation. By adhering to these requirements, organizations demonstrate their commitment to security and ensure they meet industry standards.

The concept behind API key rotation is to periodically replace existing API keys with new ones.

The frequency of API key rotation may vary based on factors such as the level of security required, industry best practices, and organizational policies. Typically, API keys are rotated at regular intervals, such a quarterly or annually, depending on the specific requirements and risk tolerance in your company.

πŸ”ˆ Please note that currently, only the account owner will be able to create and remove API Key. Read API Keys Access Permissions article for more information.

How to reset your Veryfi API keys?

  1. Generate New API Key.

    The first step is to generate a new API key to replace the existing one. This can be done using a secure key generation mechanism provided by Veryfi.

    a. Navigate to Setting > Keys section in your Veryfi Portal
    b. Press ADD NEW API KEY

c. Grab a new generated API Key

2.Update Applications & Systems

Once new API keys are generated, the next step is to update the relevant applications or systems that use your API. This involves replacing the old API keys with the newly generated keys in the code or configuration of the applications.

3. Test and Validate

After updating the applications, it is important to test and validate that the new API keys are working correctly. This ensures that the applications can successfully authenticate and authorize access using the updated keys.

4. Retire or Revoke Old API Keys

To maintain security, the old API keys that have been replaced should be retired or revoked. This prevents their further use and reduces the risk of unauthorized access or misuse.

To retire the Old Key, please go back to Keys section in your Veryfi Portal and press Delete for the Old Key

Once retired, your new API Key will become your Primary API Key

The Veryfi API key rotation functionality allows you to smoothly update the API Key without causing any downtime, helping to enhance security, reduce the risk of key compromise, and maintain a secure environment for API access and integration.

☞ In the next version of this feature, we will add the Client Secret rotation option.

Did this answer your question?