Rotating Your API Keys
A guide to rotating your API Keys in Client Portal
You can rotate your API Keys in the Client Portal if your API keys in sandbox or production were compromised, or if you wished to rotate the API keys regularly. You must have Owner permissions.
For example, if you experienced a security breach where your API keys had been exposed to the public, you can rotate your API keys. This allows you to use new API keys.
Sign in as described in Accessing the Client Portal and tap Developer.
The Credentials Details page appears.
Click the Rotate API Keys button.
On the Credentials Details page within the Developer tab, select the Rotate API Keys button.
The Choose when to revoke the existing key dialogue box appears.
Select the time limit when you would like to rotate your API Keys in the Within field, ranging from Now to Seven Days.
Click Next.
The Warning! dialogue box appears.
Updating API Keys
Make sure to update any script or program with the new API Keys, and accept Webhooks with either the new or previous API keys until the previous API keys are revoked. Not updating such scripts on time will prevent any payments that used the previous API keys.
Click the checkbox that says I confirm rotating the API keys.
Click Next.
The Authenticator App dialogue box appears.
Enter your OTP.
Click Submit.
The confirmation window appears.
An email notification will inform you the API keys have been rotated, and state when the previous API keys expire. The notification will be sent to users who have permission to view the API Keys.
You can rollback your API Keys in production or sandbox in Client Portal. Performing a rollback of your API keys will delete the newly generated keys. This allows you to use your previous API keys instead.
You must have Owner permissions to perform this action. You can only rollback your API Keys after rotating the API Keys.
On the Credential Details page within the Developer tab, select the Rollback API Keys button.
The Warning! dialogue box appears.
Rollback API Keys
This action will delete the new API keys and keep the previous API keys active. Make sure all scripts and programs use the active API keys to avoid payments failure.
Click the checkbox that says I confirm rolling back the API keys immediately.
Click Next.
The Authenticator App dialogue box appears.
Enter your OTP.
Click Submit.
The confirmation window appears.
An email notification will inform you the API keys have been rolled back. The notification will be sent to users who have permission to view the API Keys.
Note
If you need more time to update your scripts with the new API keys prior to the previous API keys expiring, please contact support.