Rotate API keys

Last updated: Oct 22, 2024
HEALTH TECH VENDOR
HCO
DEVELOPER

Rotating your API keys means changing which API key your organization uses to make authorized requests.

As a best practice, we recommend rotating your API keys on a regular cadence that makes sense for your organization (e.g., every six months). Or you may need to rotate keys in response to a leaked key.

OAuth API keys

You can rotate OAuth API keys without downtime or Redoxer involvement. You have two options for rotating an OAuth API key:

  1. (Recommended) Use one OAuth key with multiple public keys.
  2. Use multiple OAuth keys with unique public keys for each one.

Legacy API keys

You can only rotate legacy API keys with a downtime and usually with Redox support. Submit a ticket via our Help Desk if you need help with this.

Alternatively, you do have the option to start using OAuth API key(s) alongside—or instead of—legacy API key(s). To do this, migrate from a legacy API key to an OAuth API key.