API Keys
In the Kaunt API, API keys are scoped at the Tenant level. Each key provides access only to the specific tenant it was created for, ensuring clear data boundaries between tenants.
Although a client secret cannot be rotated in place, a tenant can have several API keys active at the same time. This makes the following rotation strategy possible and is the recommended approach:
- Create a new API key.
- Deploy it alongside the existing key.
- Once the new key is in use, delete the old one.
Note that deleting an API key does not revoke the access tokens it has already issued: those tokens stay valid until they expire. A deleted key can no longer obtain new tokens, but callers holding an existing token keep access for the rest of that token's lifetime. Account for the token expiry time in your rotation process if you need the old key to be fully out of use by a given point.
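The three rotation steps and the expiry caveat above, as a runnable simulation added here for illustration. It is not Kaunt's code and does not call the Kaunt API: the `TenantKeyStore` class, its method names and the one-hour token lifetime are assumptions, chosen so the behaviour described on this page (overlapping keys; deleted keys issue nothing new; existing tokens survive deletion) can be exercised offline.

```python
"""Simulation of overlapping API-key rotation where deleting a key does not
revoke the tokens it already issued. Written for this page; the store, names
and token lifetime are assumptions, not the Kaunt API."""
from dataclasses import dataclass
from typing import Optional
import secrets

TOKEN_LIFETIME_SECONDS = 3600  # assumed lifetime; substitute your tenant's real value


@dataclass
class Token:
    value: str
    key_id: str       # which API key obtained this token
    expires_at: int   # unix seconds


class TenantKeyStore:
    """Hypothetical per-tenant store: several keys may be active at once."""

    def __init__(self, tenant: str) -> None:
        self.tenant = tenant
        self._counter = 0
        self.keys: dict = {}    # key_id -> secret
        self.tokens: dict = {}  # token value -> Token

    def create_key(self) -> tuple:
        self._counter += 1
        key_id = f"{self.tenant}-key-{self._counter}"
        secret = secrets.token_urlsafe(32)
        self.keys[key_id] = secret
        return key_id, secret

    def delete_key(self, key_id: str) -> None:
        # Only the key is removed; self.tokens is untouched, which models the
        # caveat that already-issued tokens are not revoked.
        del self.keys[key_id]

    def issue_token(self, key_id: str, secret: str, now: int) -> Token:
        stored = self.keys.get(key_id)
        if stored is None or not secrets.compare_digest(stored, secret):
            raise PermissionError(f"{key_id}: unknown, deleted, or wrong secret")
        tok = Token(secrets.token_urlsafe(24), key_id, now + TOKEN_LIFETIME_SECONDS)
        self.tokens[tok.value] = tok
        return tok

    def token_is_valid(self, value: str, now: int) -> bool:
        tok = self.tokens.get(value)
        return tok is not None and now < tok.expires_at

    def key_in_use(self, key_id: str) -> bool:
        """Evidence for step 3: the key has obtained at least one token."""
        return any(t.key_id == key_id for t in self.tokens.values())

    def last_token_expiry(self, key_id: str) -> Optional[int]:
        """Earliest instant at which no token from key_id can still be valid."""
        expiries = [t.expires_at for t in self.tokens.values() if t.key_id == key_id]
        return max(expiries) if expiries else None


def run_rotation(now: int = 1_000_000) -> dict:
    """Walk through the three rotation steps and record what each check shows."""
    store = TenantKeyStore("tenant-a")
    old_id, old_secret = store.create_key()
    old_tok = store.issue_token(old_id, old_secret, now)

    new_id, new_secret = store.create_key()               # step 1: create a new key
    now += 600                                            # step 2: deployed alongside
    new_tok = store.issue_token(new_id, new_secret, now)  # both keys work during the overlap
    overlap_ok = (store.token_is_valid(old_tok.value, now)
                  and store.token_is_valid(new_tok.value, now))

    if not store.key_in_use(new_id):                      # step 3 guard: new key in use?
        raise RuntimeError("new key not in use yet; do not delete the old key")
    store.delete_key(old_id)
    now += 1
    try:
        store.issue_token(old_id, old_secret, now)
        old_key_still_issues = True
    except PermissionError:
        old_key_still_issues = False                      # deleted key issues nothing new

    dead_at = store.last_token_expiry(old_id)             # when the old key is truly gone
    return {
        "overlap_ok": overlap_ok,
        "old_key_still_issues": old_key_still_issues,
        "old_token_valid_after_delete": store.token_is_valid(old_tok.value, now),
        "old_token_valid_at_dead_at": store.token_is_valid(old_tok.value, dead_at),
        "old_key_dead_at": dead_at,
        "seconds_until_old_key_dead": dead_at - now,
    }


if __name__ == "__main__":
    for name, value in run_rotation().items():
        print(f"{name}: {value}")
```

The value to take from the simulation is `seconds_until_old_key_dead`: deleting the key is not the end of the rotation. Treat the old key as retired only once `last_token_expiry` has passed, and if a compromised key forces a rotation, plan for the remaining token lifetime rather than assuming deletion cuts access immediately.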