How can we help?

My API secret key has been leaked. What do I do?

Last updated on January 22, 2018

Your API secret key can be used to make any API call; most notably, it can create new charges, create new Customers, and issue refunds. If your API key has been compromised (or you suspect it may have been), you must roll it immediately.

How do keys leak? Here are some common reasons.

  • Your secret key has been accidentally committed in your repository
  • An ex-developer of yours has your secret key
  • Your server got hacked
  • Someone unauthorized got your key

Rolling your API key

To roll your API key, first login to your Live dashboard and head over to “Keys”. Click on “Roll key” to roll your API key.

For your account’s security, we send out an email which includes the IP address and date of access every time an API key is rolled.

Can’t find your answer?

Get in touch with us and we’ll get back to you as soon as possible