12Şub
Is it common for API providers to offer an endpoint to allow customers to make a key rotation using a secret? Are There Security Concerns?
We currently provide API keys to our users for authentication, but we do not support API key rotation (i.e., users must generate new keys manually).I’m trying to understand:
Is it common for API providers to offer and endpoint to allow customers to make a key rotation using a secret, or is manual key rotation the standard practice?
Are there security concerns with implementing API key rotation using a secret? Would love to hear how others handle this and if there are any security implications we should consider.
