Recommended Security Considerations
Last updated
Was this helpful?
Last updated
Was this helpful?
Very important tip: Restricting your API keys only works for static IP addresses. If your hosting provider generates new IPs for each deployment of your service, then consider not setting API key restrictions (or proceed with caution).
As individuals, it's crucial to exercise extreme caution; therefore, we highly advise limiting the usage of your keys based on specific IP addresses. To do this, go to the settings area of your application and find the Security: API Key Access section, as indicated below. Here, you can enter the IP addresses where you intend to use your API keys. By default, this field is either empty or unset.
Additionally, you have the option to completely stop the use of your API key by deactivating it, as demonstrated in the image below. However, it's important to realize that this action will fully disable your API key, causing your app to stop functioning until you reactivate the key. This feature serves as a temporary measure to disable your keys when you don't need them currently, rather than a comprehensive solution to prevent unauthorized use, as it also impacts your access when disabled.
As users, prioritizing security is essential; thus, we strongly recommend enabling two-factor authentication (2FA) on your account for enhanced protection. To activate this feature, navigate to the Settings > Security section of your dashboard as shown in the accompanying image below. In this area, you can set up 2FA, which adds an extra layer of security beyond just your password. Initially, this option is not activated by default, so it's important to enable it and scan the QR code that shows up, with your choice of authenticator system/app, to safeguard your account effectively.
