To ensure enterprise grade security, OnceHub utilizes industry standard cryptographic practices to protect your account credentials. All API keys are secured using one-way cryptographic hashing, ensuring they remain unreadable even in the event of a database breach.

Key Security Features

• Hashed Key Storage: OnceHub does not store API keys in plaintext. Because we only store a secure cryptographic hash, a key is displayed only once upon generation. It cannot be retrieved again by any user or by OnceHub Support.
• Multi-Key Management: You can generate and maintain up to 25 active API keys per account to support:
  • Environment Segregation: Use separate keys for staging and production environments to prevent accidental data leaks.
  • Vendor Management: Assign unique keys to different third-party integrations to manage access independently.
  • Zero-Downtime Rotation: Supporting multiple concurrent keys allows you to generate a new key and update your application before revoking the old one, ensuring continuous service.

How to Generate an API Key

1. Click the gear icon located in the top-right corner of the page.
2. Select Account Integrations from the dropdown menu.
3. Select APIs & Webhooks tile.
4. In the API Keys section, click the Create API key button.
5. In the pop-up, enter a descriptive API Key Name (e.g. Production CRM).
6. Click Generate key. The API Key Created Successfully pop up will appear.
   IMPORTANT: Your API key is displayed here. For security reasons, it will only be displayed once.
7. Click Copy & close to copy the key to your clipboard and save it in a secure location.

How to Delete an API Key

If a key is compromised or no longer needed, you should delete it immediately to protect your data.

1. Locate the specific key in the API Keys list.
2. Click the Delete link next to the key name.
   A Delete Key confirmation pop up will appear warning that any application using this key will immediately lose access.
3. Click Delete key button to permanently delete the credential.