How to refresh the API key

Once obtained the API key, you could start sending and receiving data and work connected with any Cloud Connected application.

However, during the implementation process you have to consider that for security reasons, the API key should be rotated on a regular basis. The initial API key and all the subsequent API keys obtained after each refresh operation will expire after some minutes. To be aware of this situation, the recommended approach is to keep track of the error code returned after each request performed. HTTP 401 error code as response will mean that it's time to get a fresh API key.

You can get a new API key providing the initial API key as well as the current one that have just expired, and using the PATCH operation described in this link.

If the PATCH operation has returned successfully, you'll be provided with the new API key that will allow you to keep on working when you've been returned with the HTTP 401.

Please, take a look at the next workflow that represents this whole process graphically:

API rotation workflow

Remember to always keep securely stored the initial API key given for each integration, as well as the last provided, because both will be required each you need to refresh your API key.