Skip to main content
It is often recommended or required by organizations to rotate API keys periodically as a proactive measure against potential leaks of sensitive data. If your client secret has been compromised, you should immediately revoke the API key. However, if you would just like to update the secret you can rotate the key without downtime for any existing uses.
1

Create a new key

Create a new API key with the same access as the key you intend to rotate.
2

Update the stored client id and secret

Replace the previously stored client id and secret with the values for the new key.
3

Wait for (or force) existing uses of the key to retrieve the new values

Any services that hold the id and secret in memory will need to refresh the values, either by waiting for a pre-configured expiry duration or manually restarting the process.
4

Delete the previous key

From the API tab on the workspace settings page, select Delete from the key’s menu (found on the far right of the table row for the key).