Rotate your API Key
Last updated
Last updated
Nomsa's API keys are designed to expire automatically and require regular rotation. An expired key will not be able to access Nomsa's APIs. To support key rotation, users can create multiple valid API keys per account.
Newly created API keys will expire 6 months after creation.
We encourage users to rotate API keys even more frequently if possible.
There are two scenarios where API key rotation is necessary.
First, the longer the validity period of an API key, the more vulnerable it is to risk of theft or unintentional disclosure. As a general security practice, API keys should be rotated regularly to mitigate this risk, even when there has been no known breach.
Second, if an unauthorised disclosure of an API key is discovered, API key rotation should be performed as soon as possible to prevent unauthorised usage of the API key.
Follow these steps to rotate your API key:
Create a new API key. See this page for step-by-step instructions.
Update the API key used in your system to the new one and, if necessary, restart your system to load the new value.
Remove the old API key from your account by clicking the corresponding delete button in Nomsa's Settings
page.
Please make sure that the above steps are followed in the correct order. Otherwise, your system might experience disruption.
Before your API key expires, we will attempt to notify you of the impending expiry using the contact emails provided when creating your API key.
The notification schedule is as follows:
1 month before the expiry date
2 weeks before the expiry date
3 days before the expiry date
1 day before the expiry date