Documentation
FAQ: What should I do if an API key leaks? in the NexoRouter documentation.
FAQ: What should I do if an API key leaks?
Disable the key immediately.
Response steps
- Open Dashboard -> API Keys.
- Find the leaked key.
- Revoke or disable it.
- Create a replacement key.
- Update local, server, and deployment environment variables.
- Open Usage Logs and check for suspicious requests.
- If the key had a high budget, contact support with the key name or last four characters.
Prevention
- Do not commit keys to Git.
- Do not paste keys into support tickets or public chat.
- Do not show full keys in screenshots.
- Use low-budget keys for experiments.
- Use separate keys per project and environment.