API keys are passwords.

Treat them as such.

3. Use Strong Transport Layer Security (TLS) Protocols

As noted above, all API traffic should be encrypted using the latest versions of TLS and SSL protocols to prevent eavesdropping attacks and other man-in-the-middle exploits that can compromise communications between clients and servers. The most secure protocol is TLS 1.2 with forward secrecy enabled, but many organizations may not have the ability to implement this version due to compatibility issues with older systems or legacy applications that don’t support it yet. In those cases, use TLS 1.1 or 1

Back to Main