Documentation

FAQ: What should I do if an API key leaks? in the NexoRouter documentation.

FAQ: What should I do if an API key leaks?

Disable the key immediately.

Response steps

  1. Open Dashboard -> API Keys.
  2. Find the leaked key.
  3. Revoke or disable it.
  4. Create a replacement key.
  5. Update local, server, and deployment environment variables.
  6. Open Usage Logs and check for suspicious requests.
  7. If the key had a high budget, contact support with the key name or last four characters.

Prevention

  • Do not commit keys to Git.
  • Do not paste keys into support tickets or public chat.
  • Do not show full keys in screenshots.
  • Use low-budget keys for experiments.
  • Use separate keys per project and environment.
FAQ: What should I do if an API key leaks? — NexoRouter