How to rotate and delete API tokens
It is advisable to periodically rotate API tokens to minimise the risk of unauthorised access to your account data. API token rotation refers to regularly replacing tokens by generating new tokens and deactivating old ones.
By regularly changing tokens, you ensure that even if a token is compromised, it becomes outdated after a specific time frame, which limits the possible risk to your account data.
Rotating an API token
- Generate a new API token.
- Verify that the newly generated token works with your existing applications as expected.
- Once you have confirmed the new token is functioning as expected, you must remove the old token following the guide below.
This process should be followed for each token.
Removing an API token
To remove an existing API token:
- Navigate to Settings > Integration from the main menu.
- Locate the token you would like to remove from the list.
- Click the Remove button.
- Click the Delete button to confirm.
Once a token has been removed, all existing integrations, reports, and other tools utilising this token for authentication with Felix API will be considered unauthorised. It is currently impossible to restore a token once removed, therefore, please check that all applications have been migrated before taking this irreversible action.