api.data.gov icon indicating copy to clipboard operation
api.data.gov copied to clipboard
verified publisher icon 18F

Delete API Key

Open farisdurrani opened this issue 1 year ago • 0 comments

Issue Hi. As with any other secrets, they should be able to be changed or deleted to prevent security leakages. I don't see any function to delete an existing API key if that key has been leaked to the public.

In particular, I am commenting about the API key provided by api.congress.gov. A duplicate issue can be found on their GitHub page

Proposed solution 1 A simple way to resolve this is to create an input box taking in the API key given by the user. The backend will then query the database and delete the API key from usage so it can't be used anymore

Proposed solution 2 Another way is to have an expiration for each API key produced, either as a static value or a user-given value

farisdurrani avatar Jan 17 '24 22:01 farisdurrani