Key Management

Purpose

The purpose of this policy is to define guidelines and procedures for managing API keys used in our bank account reporting system. Proper key management ensures the security, integrity, and confidentiality of our API services.

Scope

Key management applies to all developers, administrators, and stakeholders involved in the development, deployment, and maintenance of the connection with the Alpha Connect API.

Definitions

  • API Key: A unique identifier used to authenticate and authorise access to our API services.
  • Client Application: Any software or system that interacts with the API.

Key Management Guidelines

Key Generation and Issuance

API keys are generated securely using strong cryptographic algorithms by the integration management team. Keys will be issued only to authorised client applications. Each client connection will have a unique API key.

Key Refresh and Rotation

Regularly rotate keys to minimise exposure. We'll be happy to issue new ones and will keep your old key active while you're switching over.

Storage and Protection

API keys must be stored securely: do not hardcode them in source code or configuration files. Use a secure key vault or secret management system to store and retrieve keys.

Key Revocation

We can deactivate keys at any time. Let us know if you would like us to freeze your connection or revoke your keys entirely.