Knowledge BaseSecurityGenerate and rotate API keys

Generate and rotate API keys

Security 3 min read Updated March 2026

Generating a key

Portal → Account → API Keys → Create key.
Name it after the service using it (example: ci-github-actions).
Pick the scopes it needs. Follow least-privilege — a billing-read-only key should not have VM write.
Copy the secret once. We never show it again.

Use it

curl https://api.orvoxa.com/v1/vms \
  -H "Authorization: Bearer $TOKEN"

Rotating

Best practice: rotate every 90 days. Create a new key with the same scopes, deploy it, then revoke the old one. No downtime if done in that order.

Revoking

If a key leaks, revoke immediately from API Keys → Revoke. Effective in under 10 seconds globally.

Was this article helpful?

Previous

Enable two-factor authentication

Next

Enable the Web Application Firewall

Related

Enable two-factor authentication

Security

Enable the Web Application Firewall

Security

How DDoS protection works

Security

HIPAA compliance configuration

Security

Still stuck?

Our team answers tickets 24/7. Median first response: 15 minutes.

Orvoxa — White-Label Reseller Hosting Platform