Compliance & Security Updated Mar 2026

API Key Security Best Practices

Protect your API keys and prevent unauthorized access to your account.

api keysecurityprotectrevokerotateenvironment

Securing Your API Keys

Your API key grants full access to send messages and manage contacts on your behalf. Treat it like a password.

DO:

  • Store keys in environment variables (SAKURA_API_KEY=sk_live_xxx)
  • Use separate keys for production and staging
  • Rotate keys every 90 days
  • Revoke keys immediately if compromised
  • Name keys descriptively (e.g., "Production Backend", "CI/CD Pipeline")

DO NOT:

  • Hard-code keys in source code
  • Commit keys to version control (Git)
  • Expose keys in client-side JavaScript
  • Share keys via email or chat
  • Use the same key for multiple applications

If a Key is Compromised

  • Go to Developer > API Keys immediately
  • Click Revoke on the compromised key
  • Generate a new key and update your application
  • Check your sending history for unauthorized activity
  • Contact support if you notice suspicious sends

Related in Compliance & Security

TCRA Regulations for Bulk SMS

Tanzania Communications Regulatory Authority rules for commercial messaging.

Data Protection & Privacy

How Sakura SMS protects your data and your customers' privacy.

Back to Knowledge Base

Ready to start sending?

Create your account, fund your wallet, and send your first SMS in minutes.

Create free accountTalk to sales