Rotating API Keys

API keys are long-lived credentials, and like any secret, they can be exposed over time — through accidental commits to version control, overly broad access permissions, employee departures, or third-party service breaches. Rotating your API key is the practice of replacing an existing key with a new one and retiring the old one, limiting the window of exposure if a key has been compromised without your knowledge.

Regular key rotation is a security best practice recommended by many compliance frameworks. Even if you have no reason to suspect a breach, proactively rotating keys reduces the blast radius of any undetected exposure and ensures your access credentials stay fresh. You should also rotate immediately any time a key may have been leaked — for example, if it was accidentally pushed to a public repository or shared in an insecure channel.

How to rotate your API key

1. Log in to the developer portal at https://developer.wellsaidlabs.com
2. Navigate to your Application Details
3. Go to subscription list. Select the subscription to see details.
4. Scroll to the list of API keys. Click Renew. This will create a new API key, and set the current one to expire in 2 hours.