Secure API Key Management Guide
Best practices for securely managing your Convert Fleet API keys, including environment variables, key rotation, and access control.
You need an API key to follow this guide. Get a free API key →
1Never Hardcode API Keys
API keys should never appear in your source code, git repositories, or client-side JavaScript. Always load them from environment variables.
# .env file (add to .gitignore!)
CONVERTFLEET_API_KEY=cf_live_your_key_here
# Node.js usage
const API_KEY = process.env.CONVERTFLEET_API_KEY;
# Python usage
import os
API_KEY = os.environ.get("CONVERTFLEET_API_KEY")2Add API Keys to .gitignore
Make sure your .env file is never committed to version control.
# .gitignore
.env
.env.local
.env.production3Rotate Keys Regularly
Go to your Convert Fleet Dashboard > API Keys and click "Rotate Key" every 90 days or immediately if a key is exposed. Old keys are revoked instantly upon rotation.
4Monitor Key Usage
Review the API usage dashboard regularly to detect unexpected consumption patterns that might indicate a compromised key.
That's it!
You've successfully integrated the Convert Fleet API. Check the API reference for the full list of parameters and error codes.
Related API Endpoints
More Integration Guides
Start Building Today
Free tier includes 200 free credits (valid 30 days from signup). Pro plan unlocks unlimited API access.