Keep your API Keys secure. They are credentials, like user passwords. Publicly exposing API Keys can result in your account being compromised, which could compromise associated business processes. Follow these best practices to help keep your API keys secure:
- Do not embed API Keys directly in code. Do not use email or other insecure channels to share API Keys.
- Store API Keys in an encrypted vault of some kind. Do not store API keys in files inside your application's source tree.
- Always review your code before publicly releasing it.
- Delete API keys after you no longer need them.
- Regenerate your API keys periodically.
- Use separate credentials for testing and for live production use.