Skip to main content

Manage API Keys

Generate, manage, and delete API Keys from your Bureau Dashboard with secure key usage and management best practices.

Generate API Keys

To generate a new API Credential (Credential ID + Credential Secret):

1

Log in to your Bureau Dashboard.

2

Click the dropdown beside your profile name (top‑right corner).

3

Select My API Keys.

4

Click + Generate an API Key.

5

Provide a name for the key. We recommend using a consistent naming convention (for example: <service_name>-<dd_mm_yyyy>-<hh_mm>) to make identification and management easier.

6

Click Save & Add.

7

Your API Credential ID and Credential Secret are generated and displayed on screen. Copy them now and store them securely — you may not be able to view the secret again later.

⚠️Always store the credentials securely (see "Secure Storage" section below).

🛡️ Secure Storage of API Keys

After generating API keys:

  • Save them in a secure location. Consider using a password manager or a secure vault.
  • Do not include API keys in publicly accessible code repositories or expose them in client‑side code.
  • Use environment variables, encrypted storage solutions, or a proper secrets management system to store API keys.

🗑️ Delete API Keys (Permanent Action)

If an API key is no longer needed — for example, after a rotation, or if you suspect a security breach — you should delete it. This action is permanent and cannot be undone. Make sure the key is no longer in use before deleting it.

To delete an API key:

1

Log in to your Bureau Dashboard.

2

Click the dropdown beside your profile name.

3

Select My API Keys.

4

Find the API key you want to remove, then click the More Options (3‑vertical‑dots) menu next to it.

5

Click Delete.

6

The key will be revoked and will no longer work for API calls.

⚠️Verify that no active integrations or services are using that key before deleting it — otherwise those services will fail.

🛠️ API Key Security Best Practices

Managing your API keys responsibly is critical to maintaining the security of your account and data. Below are recommended best practices:

Best PracticeRecommendation / Description
Key Storage and Management
  • Avoid public repositories: Never store API keys in publicly accessible code repositories.
  • Limit key sharing: Share keys only through secure, restricted channels like cloud-based document sharing or password managers.
  • Delete unused keys: Regularly remove keys that are no longer necessary to prevent unauthorized access.
Key Scope and Naming
  • Use distinct keys: Employ different keys for different applications to limit the impact of a compromise.
  • Implement informative naming: Use a consistent naming convention (such as service_name-dd_mm_yyyy-hh_mm) for easy identification and management.
Key Rotation
  • Periodically change keys: Rotate API keys regularly (at least every three months) to mitigate security risks and detect anomalies in usage.