16:I[5638,["972","static/chunks/972-315cf11f.js","953","static/chunks/953-43159573.js","83","static/chunks/app/articles/%5Bslug%5D/page-c07ca6e5.js"],"ArticleDetailClient"] 7:["$","$L16",null,{"article":{"id":"cmql0cxto00ntqhlf5g0fxkol","appId":"cmqi76zhj0002r26w6wuf4l85","title":"API Key Security Best Practices","slug":"api-key-security","excerpt":"How to secure your public API endpoints with API key gating and domain allowlisting.","content":"

Securing Your API

All public API endpoints require an X-API-Key header for authentication. Keys are created and managed in Admin → API Keys.

Domain Allowlisting

Each API key can optionally restrict requests to specific origin domains, preventing unauthorized usage from unknown sources.

Key Rotation

Regularly rotate your API keys and set expiration dates to minimize risk of compromised credentials.

","coverImage":"","author":"Jon Jones","tags":[],"status":"published","publishedAt":"2026-06-15T00:00:00.000Z","createdAt":"2026-06-19T14:12:24.253Z","updatedAt":"2026-06-19T16:51:13.646Z"}}] c:[["$","meta","0",{"name":"viewport","content":"width=device-width, initial-scale=1"}],["$","meta","1",{"charSet":"utf-8"}],["$","title","2",{"children":"API Key Security Best Practices | Demo Site - KOINETIC - Get your own"}],["$","meta","3",{"name":"description","content":"How to secure your public API endpoints with API key gating and domain allowlisting."}],["$","meta","4",{"property":"og:title","content":"Global Admin OS"}],["$","meta","5",{"property":"og:description","content":"Multi-tenant admin platform for modern apps"}],["$","meta","6",{"name":"twitter:card","content":"summary"}],["$","meta","7",{"name":"twitter:title","content":"Global Admin OS"}],["$","meta","8",{"name":"twitter:description","content":"Multi-tenant admin platform for modern apps"}],["$","link","9",{"rel":"shortcut icon","href":"/favicon.svg"}],["$","link","10",{"rel":"icon","href":"/favicon.svg"}],["$","meta","11",{"name":"next-size-adjust"}]] 6:null