Sturdy Statistics API Key Management Policy
1. Overview
Sturdy Statistics provides API keys for secure authentication and access control to our services. API keys function as bearer tokens, meaning that anyone in possession of a key can perform any action authorized for that key; this may include reading and writing data or managing permissions. API keys must be treated as confidential credentials—just like passwords.
To prevent unauthorized access, data breaches, and service abuse, you must handle API keys securely and rotate them regularly.
By using the Sturdy Statistics API, you agree to follow the security best practices outlined in this policy.
2. Best Practices for API Key Security
To protect your data, maintain API integrity, and prevent service disruptions, you must adhere to the following security practices:
Use a unique API key for each application, service, or user role to prevent cross-contamination.
Rotate keys regularly to limit exposure in the event of an accidental leak. We recommend rotating keys every 3 months. You can avoid service interruption by deploying new keys to your application before the rotation grace period expires. (The grace period defaults to 1 hour, but can be extended up to 15 days if needed).
Monitor API key usage and activity to detect suspicious access patterns. Revoke compromised keys immediately.
Follow the principle of least privilege by granting only the minimum permissions required for each key. Use separate read-only and write-access keys when possible.
Store API keys securely: Never hard-code API keys in source code. Use environment variables or a secrets manager instead. Never expose API keys in public repositories, client-side code, client-side environments like browsers or mobile apps, or configuration files that could be accessed by unauthorized parties.
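The practices above (loading keys from the environment rather than source, scanning for hard-coded credentials, and tracking a 3-month rotation with the 1-hour default / 15-day maximum grace period) can be exercised with a small helper. The following is an added example, not Sturdy Statistics' own code or SDK; the environment variable name STURDY_API_KEY, the function names, the credential-detection pattern and the sample source text are all assumptions or constructed values.

```python
"""Added example: API key handling that follows the policy's best practices.
Not Sturdy Statistics code; names and values below are assumptions."""
import os
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

ROTATION_INTERVAL = timedelta(days=90)   # policy: rotate every 3 months
DEFAULT_GRACE = timedelta(hours=1)       # policy: grace period defaults to 1 hour
MAX_GRACE = timedelta(days=15)           # policy: grace period can be extended to 15 days


def load_api_key(env_var="STURDY_API_KEY", environ=None):
    """Read the key from the environment (assumed variable name), never from source.
    Fails closed: a missing or blank key raises instead of silently running unauthenticated."""
    environ = os.environ if environ is None else environ
    key = environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to start without a credential")
    return key


# Heuristic (assumed pattern, not the real key format): an assignment of a quoted
# literal to a name like api_key / secret / token is treated as a hard-coded credential.
_LITERAL_KEY = re.compile(r'(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*["\'][^"\']{8,}["\']')


def find_hardcoded_keys(source):
    """Return (line_number, line) for lines that look like literal credentials in source.
    Reading the key from os.environ is not flagged because no quoted literal follows '='."""
    return [(n, line.rstrip()) for n, line in enumerate(source.splitlines(), 1)
            if _LITERAL_KEY.search(line)]


@dataclass
class RotationPlan:
    """Tracks when a key should be rotated and how long the old key stays valid."""
    issued_at: datetime
    grace: timedelta = DEFAULT_GRACE

    def __post_init__(self):
        if self.grace > MAX_GRACE:
            raise ValueError(f"grace period {self.grace} exceeds the 15-day maximum")
        if self.grace <= timedelta(0):
            raise ValueError("grace period must be positive")

    def rotation_due_at(self):
        """Recommended rotation date: 90 days after issuance."""
        return self.issued_at + ROTATION_INTERVAL

    def is_rotation_due(self, now):
        return now >= self.rotation_due_at()

    def old_key_accepted(self, rotated_at, now):
        """After rotation the old key is accepted only until the grace period ends."""
        return rotated_at <= now < rotated_at + self.grace

    def deployed_in_time(self, rotated_at, deployed_at):
        """True if the new key reached the application before the old one stopped working,
        i.e. no service interruption."""
        return self.old_key_accepted(rotated_at, deployed_at)


if __name__ == "__main__":
    # Constructed sample source: line 2 is the anti-pattern, line 3 is the recommended form.
    sample = ('import os\n'
              'API_KEY = "sk-constructed-example-123456"\n'
              'api_key = os.environ["STURDY_API_KEY"]\n')
    print(find_hardcoded_keys(sample))
    plan = RotationPlan(issued_at=datetime(2025, 1, 1))
    print(plan.rotation_due_at())
```

Run the block directly to see the scanner flag only the literal assignment; the rotation helpers are meant to be called from whatever scheduler deploys the new key, with the deployment time checked against `deployed_in_time` so the cut-over happens inside the grace window.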
3. Customer Responsibilities
By generating and using Sturdy Statistics API keys, you acknowledge and agree that:
You are responsible for securely managing your API keys and preventing unauthorized access.
If an API key is compromised, lost, or exposed, you must immediately revoke or rotate it to prevent misuse.
Sturdy Statistics is not liable for damages resulting from compromised, mismanaged, or improperly stored API keys.
You should actively monitor API logs and respond to unusual or unauthorized activity.
Failure to comply with this policy may result in temporary suspension, rate limiting, or termination of API access.
For further guidance on implementation and key security best practices, refer to our API Key Management Documentation.