Issuing, rotating and revoking API keys

Managing API keys in Leafy Energy (demo)

An API key is a powerful credential. The Leafy Energy demo shows how to safely issue, rotate and revoke keys.

Issuing an API key

• Admins create keys via the customer portal.
• Each key belongs to a customer and optionally to a specific integration (for example billing or home automation).

Key rotation

• First create a new key and configure it in your integrations.
• Test that all calls succeed with the new key.
• Disable the old key only after validation.

Revoking in case of loss or abuse

• Immediately block the key in the portal.
• Review logs around the time of loss for suspicious activity.

In training scenarios you can simulate a leaked demo key and work with participants on a rotation strategy.