API Keys

API keys are essential for authenticating your requests to the Roozna API. This guide will walk you through managing your API keys and implementing best practices for security.

Viewing Your API Keys

To view your existing API keys:

  1. Log in to your Roozna dashboard.
  2. Navigate to the "API Keys" section in the sidebar.
  3. Here, you'll see a list of all your active API keys, including their names and last used dates.

For security reasons, full API keys are only shown once upon creation. Make sure to copy and store your key securely when you first create it.

Creating a New API Key

To create a new API key:

  1. In the API Keys section of your dashboard, click the "Create New API Key" button.
  2. Give your key a descriptive name (e.g., "Production API Key" or "Testing Key").
  3. Select the domains you want to restrict this key to, or choose "All Domains" for unrestricted access.
  4. Click "Create Key".
  5. Copy your new API key immediately and store it securely. You won't be able to view the full key again.

Rotating API Keys

It's good practice to rotate your API keys periodically. To rotate a key:

  1. Create a new API key as described above.
  2. Update your applications to use the new key.
  3. Once you've verified that everything is working with the new key, delete the old key.

Deleting an API Key

To delete an API key:

  1. In the API Keys section, find the key you want to delete.
  2. Click the "Delete" button next to the key.
  3. Confirm the deletion when prompted.

Deleting an API key is irreversible. Make sure you're no longer using the key in any of your applications before deleting it.

Domain Restrictions

Roozna allows you to restrict your API keys to specific domains for enhanced security:

  1. When creating or editing an API key, you'll see a "Domain Restrictions" section.
  2. Enter the domains you want to allow, separated by commas (e.g., "myapp.com, api.myapp.com").
  3. Use "*" to allow all domains (not recommended for production keys).

Requests from non-allowed domains will receive a 403 Forbidden error.

Best Practices for API Key Management

  1. Use descriptive names: Give each key a clear, descriptive name to easily identify its purpose.

  2. Limit access: Only share API keys with team members who absolutely need them.

  3. Use environment variables: Store API keys in environment variables, never hardcode them in your application.

  4. Rotate regularly: Create new keys and retire old ones on a regular schedule, especially for high-security applications.

  5. Monitor usage: Regularly check the "Last Used" date for your keys and investigate any unexpected usage.

  6. Use separate keys: Use different API keys for different environments (development, staging, production) and different applications.

  7. Implement domain restrictions: Whenever possible, restrict keys to only the domains that need to use them.

Rate Limits and Usage

Each API key is subject to rate limits based on your Roozna plan. You can view your current usage and limits in the dashboard:

  1. Go to the API Keys section.
  2. Click on a specific key to view its details.
  3. You'll see current usage statistics and your plan's limits.

If you exceed your rate limits, you'll receive a 429 Too Many Requests error. Consider upgrading your plan if you consistently hit these limits.

Next Steps

Now that you understand how to manage your API keys, you're ready to start making authenticated requests to the Roozna API. Check out our API reference to learn about available endpoints and how to use them.

Explore the API reference

Was this page helpful?