Best Practices for API Keys Management
SuprSend uses API keys to authenticate requests. SuprSend provides 2 methods for authentication:
1. Workspace Key & Secret
This authentication method is available when you are using one of our SDKs to send requests. Unlike API keys, Workspace Secret is not exposed on network, and is relatively more safer option.
Using Workspace Key & Secret
The Workspace Key and Secret are pre-generated for every environment. You can access your workspace key & secret by following steps below:
- Go to a workspace > Settings (left panel) > API Keys
- On API Keys page, you will find
Workspace Key
andWorkspace Secret
. Click on them to copy.
If you wish to rotate the Workspace Key & Secret, please contact us on [email protected]
Never share workspace secret with anyone including our support team
2. API Keys
When making requests over HTTPS, you can generate your private API key for a workspace directly through the SuprSend dashboard.
Generate API Keys:
Use these steps to create an API key for your SuprSend account:
- Go to a workspace > Settings (left panel) > API Keys
- On API Keys page, click on
Generate Key
- Enter a Name for the API key
- Select
Create and View
and copy the token
The token is only displayed once. Store the token somewhere secure that you can access when you make API requests.
Your API keys carry many privileges. Don't store them in publicly-accessible areas.
After rotating tokens make sure you always use the new token.
Rotate API Keys
As a security best practice, rotate tokens periodically.
- To rotate an existing API key, select
Disable
to disable the existing key and generate a new API key.
Best Practices for Enhanced Security
- Never commit your key to your repository
- Use Environment Variables in place of your API key
- Use a Key Management Service
- Monitor your account usage and rotate your keys when needed
Rotation Strategy:
1. Scheduled Rotation: Implement a scheduled rotation of API keys (e.g., every 6 months) to reduce the risk of long-term exposure.
2. Ad-Hoc Rotation: Rotate keys immediately if you suspect that a key has been compromised or if it has been inadvertently exposed.
Updated 7 months ago