Protect Your API Key
- Never expose your API key in frontend applications
- Always store and use it from a secure backend or server
- Do not commit API keys to public repositories
Use Secure Storage
- Store API keys in environment variables or secure vaults
- Avoid hardcoding keys in source code
Rotate API Keys
- Periodically rotate your API keys
- Immediately regenerate if a key is exposed or compromised
Control API Usage
- Respect your plan’s rate limits (requests per second, RPS)
- Avoid sending unnecessary or duplicate requests
- Implement request throttling on your side if needed
Handle Failures Properly
- Implement retry logic with delays
- Do not continuously retry failed requests without control
Use Secure Connections
- Always call the API over HTTPS
- Do not use unsecured or modified endpoints
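
A backend-side client that applies several of the practices above together (key read from an environment variable, HTTPS-only endpoint, client-side throttling, bounded retries with increasing delays), as an added example that is not code from this page or its API provider. The variable name EXAMPLE_API_KEY, the Bearer header scheme, the set of retryable status codes and the injected `send` transport are assumptions made for illustration.

```python
import os
import time
from urllib.parse import urlsplit

RETRYABLE = {429, 500, 502, 503, 504}  # assumed set of transient statuses


class ApiClient:
    """Server-side client: key from env, HTTPS only, throttled, bounded retries."""

    def __init__(self, base_url, send, max_rps=5, max_retries=3,
                 base_delay=0.5, sleep=time.sleep, clock=time.monotonic):
        parts = urlsplit(base_url)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("API endpoint must be an https:// URL")
        key = os.environ.get("EXAMPLE_API_KEY")  # hypothetical variable name
        if not key:
            raise RuntimeError("EXAMPLE_API_KEY is not set")
        self._headers = {"Authorization": "Bearer " + key}  # assumed scheme
        self._base = base_url.rstrip("/")
        self._send = send  # callable(url, headers) -> (status, body)
        self._interval = 1.0 / max_rps
        self._max_retries = max_retries
        self._base_delay = base_delay
        self._sleep, self._clock = sleep, clock
        self._next_slot = 0.0

    def _throttle(self):
        # Space outgoing requests at least 1/max_rps seconds apart.
        now = self._clock()
        if now < self._next_slot:
            self._sleep(self._next_slot - now)
            now = self._next_slot
        self._next_slot = now + self._interval

    def get(self, path):
        url = self._base + "/" + path.lstrip("/")
        for attempt in range(self._max_retries + 1):
            self._throttle()
            status, body = self._send(url, self._headers)
            if status not in RETRYABLE:
                return status, body
            if attempt < self._max_retries:
                # Exponential backoff: base_delay, 2x, 4x, ...
                self._sleep(self._base_delay * 2 ** attempt)
        return status, body  # retry budget spent: surface the failure
```

`send` is whatever HTTP call your backend already uses, wrapped to return a status and body; the key never appears in source code and is only attached to requests bound for the validated HTTPS base URL.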

