API Keys Rotation

Learn about managing your Truv credentials and API keys.

Overview

Truv credentials allow you to work with provider data from connected users. API keys are important values to keep secure and safe. Learn how to create new keys, delete outdated keys, and rotate their use.


Dashboard keys

The Truv Dashboard allows you to create and manage API keys. This section is for integrations that create Orders in the dashboard. Follow the steps below for rotating your credentials.

Dashboard steps

  1. Create a new key.

Create a new key in Truv Dashboard.

  1. Delete the old key.

Delete unnecessary access_token values to minimize exposure to attacks. Pending state transactions with the original key continue to process.



Truv API keys

The Truv API also allows you to create and delete credentials. For embedded solutions or Orders using the API, follow the steps below.

Truv API steps

  1. Create a new key.

Generate a new key in Truv Dashboard.

πŸ“˜

Tip

Create a sandbox key to test the integration before updating keys in production.

  1. Update the key in all applicable locations.

Find all locations for updating keys by searching for the X-Access-Secret request header in your code.

  1. Delete the previous key.

The outdated access keys are no longer needed and can be removed to reduce risk.

🚧

Warning

Deleting keys cannot be undone. Confirm all steps before deleting former keys.

Confirm all previous keys are rotated out and the new key is successful in your integration. The trash bin icon deletes the key. Pending state transactions with the original key continue to process.