Nomsa Guide
  • 👋About Nomsa
  • Campaign Guide - General
    • 🚀How to send a campaign?
  • Campaign Guide - Email
    • 📧Email Campaigns - Basics
      • Scheduled Sending
      • Bounced Emails and Halted Campaigns
      • Email Statistics
      • Formatting your Message Template
      • Variable Fields
      • Unique URL Link per Recipient
      • Pasting Content from Microsoft Word
      • Manage your Unsubscriptions
      • Understanding Unsubscriptions
    • 🔐Sending Password-Protected Emails
      • Tutorial
  • Campaign Guide - SMS
    • 📲SMS Campaigns - Basics
    • SMS Onboarding Overview
      • How do I send SMS
  • Campaign Guide - Telegram
    • 🤖Telegram Campaigns - Basics
      • Add Telegram Bot Token in Nomsa
      • Instructions for Recipient Onboarding
      • Use the Bot in the Campaign
      • Telegram Formatting
      • Telegram Bot Statistics
  • Api Guide
    • 📖Overview
      • API Response Formats
      • Bearer Authentication
      • Generate your API Key
      • Rotate your API Key
    • 📨Programmatic Email API
      • Custom From Address
      • Tracking Email Status
      • Send Email API
        • From Name and From Address
        • CC and BCC
        • Recipient Blacklist
        • Email Tagging and Classification
        • Email Body
          • Embedding Images
            • Linked Images
            • Content-ID Images
        • Attachments
        • Rate Limit
      • Get Email by ID API
      • List Emails API
    • 📬Programmatic SMS API
Powered by GitBook
On this page
  • API keys must be rotated regularly
  • Why is API key rotation necessary?
  • How to rotate an API key
  • Notification Schedule
  1. Api Guide
  2. Overview

Rotate your API Key

PreviousGenerate your API KeyNextProgrammatic Email API

Last updated 1 year ago

API keys must be rotated regularly

Nomsa's API keys are designed to expire automatically and require regular rotation. An expired key will not be able to access Nomsa's APIs. To support key rotation, users can create multiple valid API keys per account.

  • Newly created API keys will expire 6 months after creation.

We encourage users to rotate API keys even more frequently if possible.

Why is API key rotation necessary?

There are two scenarios where API key rotation is necessary.

First, the longer the validity period of an API key, the more vulnerable it is to risk of theft or unintentional disclosure. As a general security practice, API keys should be rotated regularly to mitigate this risk, even when there has been no known breach.

Second, if an unauthorised disclosure of an API key is discovered, API key rotation should be performed as soon as possible to prevent unauthorised usage of the API key.

How to rotate an API key

Follow these steps to rotate your API key:

  1. Create a new API key. See for step-by-step instructions.

  2. Update the API key used in your system to the new one and, if necessary, restart your system to load the new value.

  3. Remove the old API key from your account by clicking the corresponding delete button in Nomsa's Settings page.

Please make sure that the above steps are followed in the correct order. Otherwise, your system might experience disruption.

Notification Schedule

Before your API key expires, we will attempt to notify you of the impending expiry using the contact emails provided when creating your API key.

The notification schedule is as follows:

  • 1 month before the expiry date

  • 2 weeks before the expiry date

  • 3 days before the expiry date

  • 1 day before the expiry date

📖
this page