Skip to main content

Securing and Managing API Keys

Following the instructions below will help maximize API key security and ensure data safety, preventing the risk of being attacked, losing control of the system, displaying customer information or financial loss.

  • Secure API Key: Never share your API key with anyone. It is a crucial secret for authenticating your service using the API system.
  • API Key Storage: Avoid storing API keys directly in the code. Instead, store them in environment variables or a separate file with restricted access.
  • API Key Management: Create separate API keys for each application, project, or employee accessing the system. Limit the permissions of each API key, granting access only to specific endpoints. Key Rotation: Periodically change API keys every 3-6 months to ensure security on https://console.fpt.ai. Immediately deactivate the old API key.
  • Secure Transmission: Always use HTTPS to encrypt API request calls.