Increase Security By Removing Unused API Keys
It is important to periodically clean up unused API keys to maintain a secure environment. A few instances where we recommend reviewing your API keys include:
- After updating your integrations using the migration guides
- When employees with API Keys no longer work at the company
- When the API Keys are no longer being used - This could be a monthly or quarterly review
Workflow for removing API Keys
- In the Carbon Black Cloud console, view the audit log to check if an API key is being used.
Note: You can also see the user who last retrieved the credentials, so you can confirm with them before removing the key.
- If you are still unsure, you can perform a soft check by changing the credentials and searching for API errors. You will receive a 403 Forbidden error on any API calls made with incorrect credentials.
- Once you are confident that the API key is unused, you can safely delete it.
Guides and Resources
Use this form to give us feedback about this site or any of the documentation.
Last modified on August 17, 2023