Key Management
Purpose
The purpose of this policy is to define guidelines and procedures for managing API keys used in our bank account reporting system. Proper key management ensures the security, integrity, and confidentiality of our API services.
Scope
Key management applies to all developers, administrators, and stakeholders involved in the development, deployment, and maintenance of the connection with Alpha Connect API.
Definitions
- API Key: A unique identifier used to authenticate and authorise access to our API services.
- Client Application: Any software or system that interacts with the API.
Key Management Guidelines
Key Generation and Issuance
API keys are generated securely using strong cryptographic algorithms by the integration management team. Keys will only be issued only to authorised client applications. Each client connection will have a unique API key.
Key Refresh and Rotation
Regularly rotate keys to minimise exposure. We'll be happy to issue new ones and will keep your old key active while you're switching over.
Storage and Protection
API keys must be stored securely, avoiding hardcoding them in source code or configuration files. Use a secure key vault or secret management system to store and retrieve keys.
Key Revocation
We can deactivate keys at any time. Let us know if you would like us to freeze your connection or revoke your keys entirely.
Updated 10 months ago