We've launched a new way to manage your Pinwheel API keys that now enables manual and programmatic key rotation. Programmatic key rotation is enabled by our new Admin API. See the API Key Rotation guide for details. In short, using either the Developer Dashboard or the Admin API, you can create multiple active keys (with optional expiration dates) and revoke keys.
Also, this launch includes two important security enhancements:
- Your API secrets are no longer viewable after they're created. As a result, when you create a key, you will need to store the secret in a secure way.
- You will receive emails whenever a key is created or revoked. Monitoring these emails for unexpected key operations can help discover if one of your Developer Dashboard user credentials have been breached.