Whenever user creates a team and the API Keys for third party integration, the API key should be visible (once right creation) and then it should be hidden. Since, teams can have multiple API keys associated with it, its better to shown them once to avoid exposure of it.
There is also no expiry to the API keys to make the best practice of rotating the API keys after duration of period.
Proposed Behavior
Whenever user creates an API Key for team, following message should be shown so that way user will securely copy & store the keys.
OR
We can masked the API keys (After creation) so that it wont be visible.
Following message will appear after API key creation.
Make sure to copy your API Keys now. You won’t be able to see it again!
Regarding Expiry for API keys, Each API Key must have an expiration date.
Current Behavior
Hi,
Whenever user creates a team and the API Keys for third party integration, the API key should be visible (once right creation) and then it should be hidden. Since, teams can have multiple API keys associated with it, its better to shown them once to avoid exposure of it.
There is also no expiry to the API keys to make the best practice of rotating the API keys after duration of period.
Proposed Behavior
Whenever user creates an API Key for team, following message should be shown so that way user will securely copy & store the keys. OR We can masked the API keys (After creation) so that it wont be visible.
Following message will appear after API key creation.
Regarding Expiry for API keys, Each API Key must have an expiration date.
Checklist