# Security

API Key security is your responsibility. Follow these practices to keep keys safe.

### Store and protect your key

Zwapgrid does not store your API Key after creation. **Copy the key when it is shown** and store it securely. Limit who has access to see or use the key.

### Where not to use API Keys

Do **not** use API Keys in front-end code or anywhere the key could be exposed, including:

* Web browsers or client-side applications
* Public repositories or shared code
* Logs, URLs, or error messages

Use API Keys only in secure server-side or backend environments where the key cannot be exposed to end users or the public.

### Refresh keys regularly

We encourage you to refresh your API Keys regularly as a security best practice. Create a new key, update your applications to use it, then delete the old key. See [API Key Lifecycle](https://docs.zwapgrid.com/client-portal/api-keys/api-key-lifecycle) for creating and deleting keys.

{% hint style="danger" %}
It is your responsibility to keep your API Keys safe.
{% endhint %}