API Key Rotation
Create a new API Secret Key and eliminate your old one
You can create your own API Secret key for your new Shop, or exchange it for a new one if it has becomed compromised. Here you will find a step by step guide on how to do it from your Shop Back Office.
Creating a new API Secret Key (for the first time):
-
Navigate to the Shop menu and hit the view button in the ACTIONS column
-
Click on Generate Key
-
Click on YES to view your newly generated API Secret Key.
-
Make sure you copy your key and store it in a safe place, you will only be able to see this key once. If you lose it you will have to create a new one.
Rotating your key in case it becomes compromised or lost:
-
Navigate to the same view section of the Shop menu, but this time click on the Rotate button
-
Click Yes to view your newly created API Secret Key
-
Make sure you copy the newly created Key and store it in a safe place, you will only be able to see it once. If you lose it you will have to create a new one.
Once the new key is created, you will have both keys available so you can replace your old key with the new one in your calls. Please make sure you replace it EVERYWHERE the key is required for authentication. Failing to do so will result in broken API calls and processes due to authentication errors.
- Once you have replaced the old key everywhere, you can invalidate it by clicking the red button and then clicking "YES"
- Now you will be able to see the newly generated key as ENABLED and your old one as DISABLED
In case you have implemented BasicAuth for our webhook notifications, you will have to update the credentials there as well. Bear in mind that the webhooks will get to your system with the old credentials until you invalidate them. Only then will the webhooks start using the newly rotated credentials.
Updated about 3 hours ago