Skip to content
Help Center
Security

What to do if your API key is compromised

Rotate your key immediately and follow these steps to secure your account.

Compromised API key — immediate steps

1. Rotate the key immediately

Go to Settings → API Keys, find the affected subscription, and click Rotate key. The old key is revoked instantly.

2. Update your integrations

Replace the old key in all your environments (dev, staging, production) with the new key.

3. Review your usage logs

Check the API's usage logs in Dashboard → Analytics for unusual activity or unexpected spikes.

4. Notify the API provider

If you see unauthorized usage, contact support and optionally notify the API provider directly.

5. Audit your secrets management

Review how the key was stored. Never commit keys to source control. Use environment variables or a dedicated secrets manager (e.g. AWS Secrets Manager, Vault, Doppler).

If you need further assistance, contact our security team.

Related articles

Security and compliance overview

How the platform handles data security, encryption, and compliance.

Still need help?

Our support team is happy to assist.

Contact Support