What should I do if I suspect my API key has been compromised? (original) (raw)

If you suspect that your API key may be compromised, we recommend revoking the key immediately. You can do so by logging into your Claude Console account, going to the API keys page from your profile, clicking the meatball menu (i.e. the three horizontal dots) next to the key in question, and selecting ‘Delete API Key.’

You can generate a new API key by clicking on the ‘Create Key’ button on the same page; make sure to save this key somewhere secure, such as a secrets management system and avoid keeping the key in version control. If you continue to see any suspicious API activity or have other concerns, please contact our Support team.

Related Articles

How can I access the Claude API?How do I pay for my Claude API usage?API Key Best Practices: Keeping Your Keys Safe and SecureManage API key environment variables in Claude CodeHow can I check connectivity to the Claude API?