API secret
# API secret overview
The API secret is used for authentication in the most critical parts of the system where access should be limited. For example, the API secret is used in REST APIs and webhooks mechanisms.
For security reasons, the API secret should be kept in a safe place.
# API secrets management
It is possible to create up to 3 API secrets, by using the “API secrets” tab in the Customer Portal. It allows for an easier API secret rotation. The “API secrets” tab also provides information such as the creation and last usage dates of a given API secret.
# Create a new API secret
To generate a new API secret click the “Create a new API secret” visible on the “API secrets” tab.
The API secret’s value will be shown only once. Copy the newly created API secret and save it in a safe place.
It will not be possible to display the full value of this API secret again.
# Set API secret to be used to sign webhooks requests
The first API secret created in the “API secrets” tab will be automatically set for signing webhooks requests.
To change which API secret should be used for that, click the “Use with webhooks” button of the given API secret in the “Actions” column.
The change must be confirmed or canceled.
At any moment it’s possible to delete any API secret which is not currently set for signing webhooks requests.
If there’s a need to delete the API secret set for use with webhooks, another API secret should be set for signing webhooks requests first.
# Remove API secret
To remove the API secret click the red “Trash” icon with the “Remove” prompt in the “Actions” column next to the API secret you want to remove.
This operation cannot be undone, so it requires confirmation by writing the supplied phrase in a confirmation modal and clicking the “Confirm” button.
