Core Principles
API Key Management
Best practices for creating, organizing, and securing your API keys
Manage your API keys efficiently to maintain security and organization across your applications.
Getting Your First API Key
- Visit dev.bags.fm and sign in to your account
- Navigate to the API Keys section
- Create a new API key with a descriptive name
- Copy and securely store your API key
Each user can create up to 10 API keys. Keep your keys secure and never share them publicly.
Key Limitations
- Maximum keys: 10 API keys per user account
- Key naming: Name your keys for easy organization and identification
- Usage tracking: Keys track last usage timestamp for monitoring
- Immediate revocation: Revoking a key instantly stops all requests using that key
Best Practices
1. Descriptive Naming
Use clear, descriptive names that identify the key’s purpose: Good examples:Production-Web-AppDevelopment-EnvironmentMobile-App-iOSBackground-Jobs-ServerTesting-Integration
Key1TestMyKeytemp
2. Environment Separation
Create separate keys for different environments:3. Application-Specific Keys
Use different keys for different applications or services:| Application | Key Name | Purpose |
|---|---|---|
| Web Dashboard | Web-Dashboard-Prod | Main web application |
| Mobile App | Mobile-App-v2 | iOS/Android app |
| Background Jobs | Cronjobs-Server | Scheduled tasks |
| Analytics | Analytics-Service | Data collection |
| Integration Tests | CI-CD-Testing | Automated testing |
Emergency Procedures
Compromised Key Response
If an API key is compromised:- Immediately revoke the compromised key
- Create a new key with different name
- Update all applications using the old key
- Review logs for unauthorized usage
- Report the incident if further assistance is required
Always update your applications with new API keys before revoking old ones to prevent service interruptions.