Securing Your API Keys
Protect your Synqly API keys and prevent unauthorized access
Your API key grants access to your AI infrastructure. Treat it like a password. If a key leaks, the damage is real: • Unexpected usage bills • Data exposure via prompt logs • Abuse and rate limiting impacting real users This guide covers storage, rotation, access control, and monitoring practices that are simple but effective.
Secure Storage
Never store API keys: • In frontend code • In Git repositories • In logs Always use environment variables or secret managers.
Key Rotation
Rotate keys regularly: • On team changes • After incidents • On a fixed schedule
Access Control
Limit who can: • Create keys • Rotate keys • View usage
Monitoring & Alerts
Set alerts for: • Sudden usage spikes • Unusual geographic patterns • Failed authentication attempts
If You Think a Key Leaked
Immediate steps: 1) Revoke the key 2) Rotate and redeploy 3) Audit logs for unusual usage 4) Add stricter limits/alerts 5) Postmortem: how did it leak?