Skip to main content
GuideGeneral

Secure API Key Management Guide

Best practices for securely managing your Convert Fleet API keys, including environment variables, key rotation, and access control.

LanguageGeneral
API ReferenceView Endpoint →

You need an API key to follow this guide. Get a free API key →

1Never Hardcode API Keys

API keys should never appear in your source code, git repositories, or client-side JavaScript. Always load them from environment variables.

bash
# .env file (add to .gitignore!)
CONVERTFLEET_API_KEY=cf_live_your_key_here

# Node.js usage
const API_KEY = process.env.CONVERTFLEET_API_KEY;

# Python usage
import os
API_KEY = os.environ.get("CONVERTFLEET_API_KEY")

2Add API Keys to .gitignore

Make sure your .env file is never committed to version control.

bash
# .gitignore
.env
.env.local
.env.production

3Rotate Keys Regularly

Go to your Convert Fleet Dashboard > API Keys and click "Rotate Key" every 90 days or immediately if a key is exposed. Old keys are revoked instantly upon rotation.

4Monitor Key Usage

Review the API usage dashboard regularly to detect unexpected consumption patterns that might indicate a compromised key.

That's it!

You've successfully integrated the Convert Fleet API. Check the API reference for the full list of parameters and error codes.

Related API Endpoints

More Integration Guides

Start Building Today

Free tier includes 200 free credits (valid 30 days from signup). Pro plan unlocks unlimited API access.