Keep Your Access Tokens Secure

Ensure that your credentials are only ever shared in a secure manner, with authorized individuals.

Store your credentials securely in a location that is inaccessible to unauthorized users or applications.

Encrypt your credentials both at rest and in transit to add an additional layer of security.

You should rotate your credentials on a recurring basis by resetting the access token and updating your integrations to use the new credentials.

Only grant the scopes required for the token's purpose when creating an access token. Restricting an access token's scope will help to reduce the potential damage if the token is compromised.

When you enable an access token, you should also reset it and update all integrations to use the new token's credentials. This will ensure that any possibly compromised credentials will no longer be valid for that token.

If you suspect a token is compromised, reset the access token. This will immediately remove all access to unauthorized actors. Next, update all of your integrations to use the new credentials.

If an access token is no longer required, disable or delete it. This will take effect immediately.

Be sure to keep your technical contact and access token contact information updated to allow impact.com staff to communicate with you about your API tokens if needed. Select one of the following links to update your contact information: Brand, Partner, or Agency.