Creating API Keys
- Log into the Developer Dashboard
- Navigate to the “API Keys” section
- Click “Create API Key”
- Provide:
- Key Name: Descriptive name (e.g., “Production App”, “Staging Environment”)
- Environment: Choose between “Live (Production)” or “Sandbox (Testing)”
- Copy your key immediately - it won’t be shown again!
Key Management
Viewing Keys
In the dashboard, you can see:- Key name
- Environment (Live or Sandbox)
- Creation date
- Last used date
- Active/Inactive status
Regenerating Keys
To regenerate a key:- Find the key in your dashboard
- Click the regenerate icon
- Confirm the action
- Copy the new key immediately
Deactivating Keys
To temporarily disable a key:- Find the key in your dashboard
- Toggle the active status
- The key will be disabled but not deleted
Deleting Keys
To permanently delete a key:- Find the key in your dashboard
- Click the delete icon
- Confirm the deletion
Best Practices
Use Separate Keys
Use sandbox keys (
sk_sandbox_) for testing and live keys (sk_live_) for production. See Sandbox.Name Clearly
Use descriptive names to identify key purposes
Rotate Regularly
Regenerate keys periodically for security
Monitor Usage
Regularly check key usage for suspicious activity
Store Securely
Never commit keys to version control
Limit Access
Only share keys with trusted team members
Environment Variables
Store API keys as environment variables:Security Checklist
- Keys stored in environment variables
- Keys not committed to version control
-
.envfiles in.gitignore - Different keys for each environment
- Keys rotated periodically
- Access limited to necessary team members
- Monitoring enabled for key usage
Troubleshooting
”Invalid API Key” Error
- Verify the key is copied correctly (no extra spaces)
- Check the key is active in the dashboard
- Ensure you’re using the correct key for your environment:
sk_live_for production (dhmad.tn),sk_sandbox_for the sandbox (sandbox.dhmad.tn). Using the wrong key type returns a clear 401 message.
Key Not Working
- Verify the key hasn’t been regenerated
- Check the key hasn’t been deleted
- Ensure your developer account is associated with a user account
If a key is compromised, regenerate it immediately and update all applications using it.