# Keep Your Access Tokens Secure

Keeping your access tokens secure can be extremely important to help protect your sensitive data. Below are some handy tips to help keep your access tokens secure.

<div data-with-frame="true"><figure><img src="/files/yDpdueWxbZSChxZPWKhY" alt=""><figcaption></figcaption></figure></div>

<details>

<summary>Storing and sharing credentials</summary>

* Ensure that your credentials are only ever shared in a secure manner, with authorized individuals.
* Store your credentials securely in a location that is inaccessible to unauthorized users or applications.
* Encrypt your credentials both [at rest](https://en.wikipedia.org/wiki/Data_at_rest) and [in transit](https://en.wikipedia.org/wiki/Data_in_transit) to add an additional layer of security.

</details>

<details>

<summary>Rotate your credentials</summary>

* You should rotate your credentials on a recurring basis by resetting the access token and updating your integrations to use the new credentials.

</details>

<details>

<summary>Limit token scopes</summary>

* Only grant the scopes required for the token's purpose when creating an access token. Restricting an access token's scope will help to reduce the potential damage if the token is compromised.

</details>

<details>

<summary>Reset or revoke tokens</summary>

* When you enable an access token, you should also reset it and update all integrations to use the new token's credentials. This will ensure that any possibly compromised credentials will no longer be valid for that token.
* If you suspect a token is compromised, reset the access token. This will immediately remove all access to unauthorized actors. Next, update all of your integrations to use the new credentials.
* If an access token is no longer required, disable or delete it. This will take effect immediately.

</details>

<details>

<summary>Contact information</summary>

* Be sure to keep your technical contact and access token contact information updated to allow impact.com staff to communicate with you about your API tokens if needed. Select one of the following links to update your contact information: [Brand](/brand/readme/account-administration/account-settings/manage-your-account/manage-your-account-information-as-a-brand.md), [Partner](/partner/what-would-you-like-to-learn-about/account-management/account-settings/account-management/manage-your-company-information-as-a-partner.md), or [Agency](/agency/readme/account-settings/manage-your-company-information-as-an-agency.md).

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.impact.com/other/readme/api-access-tokens-and-changelog/keep-your-access-tokens-secure.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.