---
title: "API Key Security & Management"
description: "To ensure enterprise grade security, OnceHub utilizes industry standard cryptographic practices to protect your account credentials."
url: "https://help.staticso2.com/account-integrations/automation/api-and-webhooks/api-key-security-management"
---

To ensure enterprise grade security, OnceHub utilizes industry standard cryptographic practices to protect your account credentials. All API keys are secured using **one-way cryptographic hashing**, ensuring they remain unreadable even in the event of a database breach.

***

## Key Security Features

[Section titled “Key Security Features”](#key-security-features)

* **Hashed Key Storage:** OnceHub does not store API keys in plaintext. Because we only store a secure cryptographic hash, a key is **displayed only once** upon generation. It cannot be retrieved again by any user or by OnceHub Support.

* **Multi-Key Management:** You can generate and maintain up to **25 active API keys** per account to support:

  * **Environment Segregation:** Use separate keys for staging and production environments to prevent accidental data leaks.
  * **Vendor Management:** Assign unique keys to different third-party integrations to manage access independently.
  * **Zero-Downtime Rotation:** Supporting multiple concurrent keys allows you to generate a new key and update your application before revoking the old one, ensuring continuous service.

***

## How to Generate an API Key

[Section titled “How to Generate an API Key”](#how-to-generate-an-api-key)

1. Click the **gear icon** located in the top-right corner of the page.
2. Select **Account Integrations** from the dropdown menu.
3. Select **APIs & Webhooks** tile.
4. In the **API Keys** section, click the **Create API key** button.
5. In the pop-up, enter a descriptive **API Key Name** (e.g. Production CRM).
6. Click Generate key. The **API Key Created Successfully** pop up will appear. **IMPORTANT:** Your API key is displayed here. For security reasons, it will **only be displayed once**.
7. Click **Copy & close** to copy the key to your clipboard and save it in a secure location.

***

## How to Delete an API Key

[Section titled “How to Delete an API Key”](#how-to-delete-an-api-key)

If a key is compromised or no longer needed, you should delete it immediately to protect your data.

1. Locate the specific key in the **API Keys** list.
2. Click the **Delete** link next to the key name. A **Delete Key** confirmation pop up will appear warning that any application using this key will immediately lose access.
3. Click **Delete key** button to permanently delete the credential.
