Guides
LoginSignupGithub

Best Practices for API Keys Management

Suggest Edits

SuprSend uses API keys to authenticate requests. SuprSend provides 2 methods for authentication:

1. Workspace Key & Secret

This authentication method is available when you are using one of our SDKs to send requests. Unlike API keys, Workspace Secret is not exposed on network, and is relatively more safer option.

Using Workspace Key & Secret

The Workspace Key and Secret are pre-generated for every environment. You can access your workspace key & secret by following steps below:

  1. Go to a workspace > Settings (left panel) > API Keys
  2. On API Keys page, you will find Workspace Key and Workspace Secret. Click on them to copy.


If you wish to rotate the Workspace Key & Secret, please contact us on [email protected]

🚧

Never share workspace secret with anyone including our support team


2. API Keys

When making requests over HTTPS, you can generate your private API key for a workspace directly through the SuprSend dashboard.


Generate API Keys:

Use these steps to create an API key for your SuprSend account:

  1. Go to a workspace > Settings (left panel) > API Keys
  2. On API Keys page, click on Generate Key
  3. Enter a Name for the API key

  1. Select Create and View and copy the token


🚧

The token is only displayed once. Store the token somewhere secure that you can access when you make API requests.

Your API keys carry many privileges. Don't store them in publicly-accessible areas.

After rotating tokens make sure you always use the new token.


Rotate API Keys

As a security best practice, rotate tokens periodically.

  • To rotate an existing API key, select Disable to disable the existing key and generate a new API key.


Best Practices for Enhanced Security

  1. Never commit your key to your repository
  2. Use Environment Variables in place of your API key
  3. Use a Key Management Service
  4. Monitor your account usage and rotate your keys when needed

Rotation Strategy:

1. Scheduled Rotation: Implement a scheduled rotation of API keys (e.g., every 6 months) to reduce the risk of long-term exposure.

2. Ad-Hoc Rotation: Rotate keys immediately if you suspect that a key has been compromised or if it has been inadvertently exposed.

Updated 10 months ago