Securely rotate Truv API keys by creating a new key, updating your application, testing integration, and revoking the old key. Ensure correct environment-specific key usage and follow security best practices.
Here's how you can perform API key rotation:
1. Generate a New API Key
- Access the Truv Dashboard: Log in to your Truv Dashboard.
- Navigate to API Keys: Go to the API Keys section under your account settings.
- Create a New Key: Click on "Create New Key" to generate a new API key.
2. Update Your Application
- Locate API Key Usage: Search your codebase for instances where the API key is used, typically in the X-Access Secrete request header.
- Replace with New Key: Update these instances with the newly generated API key.
- Test the Integration: Ensure that your application functions correctly with the new API key before proceeding.
3. Revoke the Old API Key
- Return to the Truv Dashboard: In the API Keys section, locate the old API key.
- Delete the Old Key: Click on the trash bin icon next to the old key to revoke it.
- Confirm Deletion: Be certain that your application is operating smoothly with the new key, as deleting the old key is irreversible.
Important Considerations:
- Environment-Specific Keys: Truv provides different API keys for sandbox, development, and production environments. Ensure you're rotating the key for the correct environment.
- Security Best Practices: Regularly rotating your API keys minimizes the risk of unauthorized access. It's advisable to establish a routine schedule for key rotation.