Skip to main content


Rotating Your Plugin Keys

A guide to rotating your Plugin Keys in Client Portal

You can rotate your Plugin API Keys in the Client Portal if your Plugin API keys in sandbox or production were compromised, or if you wished to rotate the API keys regularly. You must have Owner permissions to rotate your plugin API keys.

For example, if you experienced a security breach where your plugin API keys had been exposed to the public, you can rotate your plugin API keys. This allows you to use new plugin API keys.

  1. Sign in as described in Accessing the Client Portal and navigate to Settings > Plugins.

    The Plugins page appears.

  2. Select the desired plugin.

  3. The Plugin details page appears.

  4. Click the Rotate API keys button in the upper right corner.

  5. The Choose when to revoke the existing key dialogue box appears.

  6. Select the time frame when you would like to rotate your API Keys in the drop-down. The time frame ranges from Now to 7 Days.

  7. Click Next.

  8. The Warning! dialogue box appears.


    Updating API Keys

    Make sure to update any script or program with the new API Keys, and accept Webhooks with either the new or previous API keys until the previous API keys are revoked. Not updating such scripts on time will prevent any payments that used the previous API keys.

  9. Click the checkbox that says I confirm rotating the API keys.

  10. Click Next.

    The Two Factor Authentication dialogue box appears.

  11. Enter your 6-digit SMS code.

  12. Click Submit.

    The confirmation window appears.

  13. An email notification will inform you the API keys have been rotated, and state when the previous API keys expire. The notification will be sent to users who have permission to view the API Keys.