Dashboard

API Keys

Evervault provides a secure and easy-to-use authentication mechanism for APIs using API keys. These keys authenticate API requests by passing them in HTTP headers or as a parameter to the Evervault SDKs.

API keys can be created and managed on a per-app basis in the Evervault Dashboard, and can be scoped to control access to specific resources and services, ensuring that your API keys only have access to the resources they need.

Create an API Key

To create an API key, follow these steps:

  1. Sign in to the Evervault dashboard.
  2. Go to the app settings -> API Keys.
  3. Click "Create Key".
  4. Select the actions and resources you want the API Key to have access to.
  5. Click "Save".
  6. Store the API key securely in your application.

The plaintext value of an API Key will only be shown once when it is created. It's essential to store and manage them securely to ensure the integrity of your Evervault account.

Manage existing API Keys

API keys can be updated and revoked in the Evervault dashboard. This allows you to ensure that your API keys are secure and that they only have access to the resources they need. To update an API key, follow these steps:

  1. Sign in to the Evervault dashboard.
  2. Go to the app settings -> API Keys.
  3. Click on the dropdown menu next to the API key you want to update.
  4. Select the actions and resources you want the API Key to have access to.
  5. Click "Save".

Revoke an API Key

API keys can be revoked in the Evervault dashboard. This allows you to ensure that your API keys are secure and that you only have the keys you need. To revoke an API key, follow these steps:

  1. Sign in to the Evervault dashboard.
  2. Go to the app settings -> API Keys.
  3. Click on the dropdown menu next to the API key you want to revoke and click 'Delete'.
  4. Enter the name of the API key to confirm the deletion.

Rotate an API Key

To maintain the security of your Evervault account, it's important to regularly rotate your API keys. To rotate a key, you can create a new API key with the same permissions as the old key. Once the new key is in use, you can remove the old key from your account. This ensures that any potential security vulnerabilities associated with the old key are eliminated, while still allowing your application to function properly with a new key.

Keeping your API Keys Secure

API keys should be kept safe to prevent unauthorized access to sensitive resources and services, and to maintain the security and integrity of your Evervault account.

Here are some tips on how to keep your API keys safe:

  • Do not share your API keys: API keys are sensitive and should not be shared with anyone. Keep them secure and only provide access to those who need it.
  • Store API keys securely: Store your API keys in a secure location, such as a password manager, and never store them in plain text or in public repositories.
  • Rotate API keys regularly: Regularly rotate your API keys, especially if they have been compromised or if access is no longer required.
  • Restrict API key access: Limit access to your API keys by scoping them to specific resources and services. This ensures that they only have access to the resources they need.
  • Do not embed API keys directly in code: Embedding API keys directly in code, such as in configuration files, can make them more vulnerable to exposure. Instead, use environment variables or a configuration file that is not included in version control to store and manage your API keys.

On this page