Learn how to generate API keys from your Bureau Dashboard.
Bureau APIs allow you to integrate with our services and access various functionalities. To ensure secure access, Bureau utilizes a 2-step authentication process that verifies both the identity of the sender and their permission to perform specific actions. This guide walks you through generating, managing, and deleting your Bureau API credentials.
Follow the below steps to generate your Bureau Credential ID and Credential Secret.
- Log into your Bureau Dashboard.
- Click the dropdown beside your profile name in the top right corner of the Dashboard.
- Click My API Keys.
- Click + Generate an API Key.
- Enter a name for the keys you want to generate. Use a consistent naming convention (such as
<service_name>-<dd_mm_yyyy>-<hh_mm>
) for easy identification and management. - Click Save & Add.
The API keys are generated and displayed on the screen.
Storing API Keys
Save your API keys in a secure location. You can also consider using a password manager for this.
Refer to the API Key Security Best Practices section for suggestions on how to safely save your API keys.
Delete API Keys
Permanent Action
This is a permanent action and cannot be undone. Ensure that the API keys are no longer need or have been replaced before you delete them.
You might need to delete your API keys for many reasons such as a security breach or a key rotation policy. Follow the below steps to delete your Bureau API keys.
- Log into your Bureau Dashboard.
- Click the dropdown beside your profile name in the top right corner of the Dashboard.
- Click My API Keys.
- Click the More Options (3 vertical dots) beside the API key you want to delete.
- Click Delete.
The API key is deleted.
API Key Security Best Practices
Your API keys allow you to access and interact with Bureau's APIs and services. Following these API key security best practices is crucial to safeguarding your data and protecting your account from unauthorized access. By implementing the below measures, you can minimize the risk of compromise and ensure the security of your Bureau integrations.
Best Practice | Description |
---|---|
Key Storage and Management | - Avoid public repositories: Never store API keys in publicly accessible code repositories. - Limit key sharing: Share keys only through secure, restricted channels like cloud-based document sharing or password managers. - Delete unused keys: Regularly remove keys that are no longer necessary to prevent unauthorized access. |
Key Scope and Naming | - Use distinct keys: Employ different keys for different applications to limit the impact of a compromise. - Implement informative naming: Use a consistent naming convention (such as <service_name>-<dd_mm_yyyy>-<hh_mm> ) for easy identification and management. |
Key Rotation | - Periodically change keys: Rotate API keys regularly (at least every three months) to mitigate security risks and detect anomalies in usage. |