Best Practices
API Keys Management
How to securely manage authentication, API Keys and secrets in your application and backend code.
SuprSend provides 2 methods for authentication:
1. Workspace Key & Secret
This authentication method is available when you are using one of our SDKs to send requests. Unlike API Keys, Workspace Secret is not exposed on network, and is relatively more safer option.Using Workspace key & secret
The Workspace Key and Secret are pre-generated for every environment. You can access your workspace key & secret by following steps below:- Go to a workspace > Settings (left panel) > API Keys
-
On API Keys page, you will find
Workspace KeyandWorkspace Secret. Click on them to copy.
🚧 Never share workspace secret with anyone including our support team
2. API Keys
When making requests over HTTPS, you can generate your private API Key for a workspace directly through the SuprSend dashboard.Generate API Keys
Use these steps to create an API Key for your SuprSend account:- Go to a workspace > Settings (left panel) > API Keys
-
On API Keys page, click on
Generate Key - Enter a Name for the API Key
- Select
Create and Viewand copy the token
🚧 The token is only displayed once. Store the token somewhere secure that you can access when you make API requests.Your API Keys carry many privileges. Don’t store them in publicly accessible areas.After rotating tokens make sure you always use the new token.
Rotate API Keys
As a security best practice, rotate tokens periodically.- To rotate an existing API Key, select
Disableto disable the existing key and generate a new API Key.
Best Practices for enhanced security
- Never commit your key to your repository
- Use Environment Variables in place of your API Key
- Use a Key Management Service
- Monitor your account usage and rotate your keys when needed