This document aims to guide you in case you have reason to believe that your Futurae API credentials may have been compromised and as such it is necessary to revoke and replace these credentials.
How it works?
The API Key rotation mechanism consists of generating new Auth and/or Admin API Keys for a specified Futurae Service, without immediately revoking the old API keys. This way you have the ability to configure the new keys in your application in a smooth way without causing any service interruption.
The new API keys are immediately visible at Command & Control (formerly Futurae Admin), nevertheless, the old keys remain accepted for a maximum of 30 days after the new keys are generated, or can be revoked earlier, at your request.
API Key rotation request
In order to submit the API Keys request, please get in touch with our support team at support@futurae.com or at support.futurae.com.
The request must include the follow details:
- Futurae Service ID (or IDs in case the rotation is needed for multiple services)
- Which API keys (Auth, Admin or both) for each Service need to be revoked
- The earliest time according to your planning after which Futurae is allowed to proceed with generating the new keys
Steps to follow
- Submit the support request as per the above instructions
- Once our support team confirms that the new API keys were generated, you can retrieve them from Command & Control
- Proceed with the necessary configurations at your end, so that the new keys are used instead of the old ones
- Once you have completely phased out the old keys on your side, you may optionally inform our support team to already revoke the old keys, and sooner than the default 30 day expiration time (counting from the new key generation)
Useful references
Please refer to the API documentation references below for further information about configuring the Auth and Admin API Keys:
https://www.futurae.com/docs/api/auth/?json#auth-api-reference
Comments
0 comments
Please sign in to leave a comment.