api-keys
Safeguard articles tagged "api-keys" — guides, analysis, and best practices for software supply chain and application security.
5 articles
API Authentication Best Practices (2026)
How you authenticate API clients decides how bad a leaked credential gets. Here is how to choose and harden API keys, bearer tokens, JWTs, and mTLS in 2026.
How to Rotate Leaked API Keys (2026 Playbook)
A leaked API key is a live credential until you kill it. Here is a provider-agnostic rotation playbook — grounded in the Toyota T-Connect and CircleCI incidents — that revokes access without breaking production.
OpenAI API Key Leakage on GitHub at Scale
A senior engineer's view of OpenAI API key leakage on GitHub at scale, why automated secret scanning misses so many, and what actually stops the bleeding.
OAuth vs API Keys
OAuth and API keys aren't interchangeable: one is a static, long-lived credential, the other a scoped, expiring token. Here's how to choose, backed by real breaches.
API Key Rotation Automation: A Practical Implementation Guide
Manual key rotation does not happen. Automated rotation does. Here is how to implement zero-downtime API key rotation for the services and credentials that matter most.