Securing your API key
Anyone can use your secret API key to make any API call on behalf of your account, such as purchasing gift cards and redeeming the card. Keep your keys safe by following these best practices
Best practises for securing your key
- Apply the principle of least privilege access when creating API keys and apply role based access control (RBAC).
- Don’t store keys in a version control system such as GitHub or GitLab.
- Control access to your keys with a password manager or secrets management service.
- Don’t embed a key where it could be exposed to an attacker, such as in a mobile application.
- Avoid adding API keys directly in files of code or version control systems. You can instead use environment variables, user input or APIs for password and secret management systems to retrieve the Runa API keys and use them in code.
- If you believe an API key has been inappropriately handled or viewed, ensure the API key is regenerated from your Runa admin portal. Be mindful of the impact of regenerating an API key that's already in use.
- Avoid sending API keys over untrusted or general-purpose communication technologies such as email, SMS and instant-messenger applications such as WhatsApp, Microsoft Teams, Slack where possible. If you have to share the Runa API key generated from your end, Use encrypted technologies to share the API key.
Customer responsibility for API keys
Runa Network Limited does not have visibility or access to a customers network or systems and therefore can not be held liable for anything that may cause a cyber security incident on the customers network or platform.
Report any suspected cyber security Incident relating to your account to [email protected]
Updated 8 months ago