Update: On Monday, July 20th, we updated how keys are generated and displayed in your Settings. This change means it is no longer possible to view your API key in plain text. Any keys you already have will still function. If you need to copy your API key, you will simply have to create a new key using the new API key management process.
Sometimes you'll need an API key to integrate with other apps.
You can find that by navigating to Settings > Integrations & API Keys within FullStory:
Note: API keys are no longer visible in plain text as shown above. Please see the new API key management process.
Keep your API key secure
It's important to treat your FullStory API key with the same secrecy you use for your passwords. Publicly exposing your key can allow unauthorized access to the FullStory API endpoints, and your FullStory data by a third party. Keep the following in mind to protect your key and your FullStory account:
- Never embed API keys directly in code: API keys embedded in code are easily discoverable by the public. Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree.
- Do not store API keys in files inside your application's source tree: If you store API keys in files, keep the files outside your application's source tree to help ensure your keys do not end up in your source code control system. This is particularly important if you use a public source code management system such as GitHub.
- Change your API keys from time to time: You can regenerate API keys from the page referenced above by clicking Regenerate followed by Save Key. Then, update your applications to use the newly-generated keys