***
title: API Keys
'og:title': You.com API Key Management
'og:description': 'Learn how to create, manage, rotate, and secure your You.com API keys.'
------------------------------------------------------------------------------------------
## Overview
API keys authenticate your requests to the You.com API. You can create and manage your keys from the [API Keys page](https://you.com/platform/api-keys) on the Platform.
## Creating an API key
1. Go to [you.com/platform/api-keys](https://you.com/platform/api-keys)
2. Click **Create API Key**
3. Give your key a descriptive name (e.g., "Production", "Development")
4. Copy the key immediately -- it will only be shown once
Store your API key securely as soon as it's created. You won't be able to view the full key again after leaving the page.
## Viewing and managing keys
The [API Keys page](https://you.com/platform/api-keys) shows all your active keys with:
* Key name
* Creation date
* Last used date
* A partially masked key value
You can rename or delete keys from this page at any time.
## Rotating and revoking keys
To rotate a key, create a new key, update your applications to use the new key, and then delete the old one.
To revoke a key immediately, click **Delete** next to the key on the [API Keys page](https://you.com/platform/api-keys). Revoked keys stop working immediately.
If you suspect a key has been compromised, revoke it immediately and create a new one.
## Security best practices
* **Use environment variables** — Store API keys in environment variables, not in your source code.
* **Never commit keys to version control** -- Add `.env` files to your `.gitignore`.
* **Use separate keys for each environment** -- Create distinct keys for development, staging, and production.
* **Rotate keys regularly** -- Periodically rotate keys to limit the impact of any potential exposure.
* **Apply least privilege** -- Only share keys with team members and services that need them.