Getting Started
API Keys
Operational best practices for API key lifecycle management.
Separate Keys by Environment
Use dedicated keys for development, staging, and production.
| Environment | Recommended Key Name | Notes |
|---|---|---|
| Production | prod-main | Strict monitoring and alerts |
| Staging | staging-main | Mirror production traffic shape |
| Development | dev-local | Lower quotas and sandbox workflows |
Naming Convention
- Include service name and environment, e.g. api-gateway-prod.
- Avoid generic names like test1 or key-new.
- Add ownership tag in internal docs.
Monitoring
Use API Management page to monitor per-key call volume and last-used timestamp.
- Review inactive keys weekly.
- Delete unused keys to reduce risk.
- Alert on unusual traffic spikes.
Production Readiness
- Pin SDK/API versions in deployment manifests and release notes.
- Record request_id/job_id in logs for every API interaction.
- Run smoke tests after each deploy using a known short test video.
- Separate dev/staging/prod keys and rotate keys regularly.
Tip: Treat docs examples as baseline templates; finalize payload defaults in your own backend policy layer.
Acceptance Checklist
- Validate one success path and one failure path end-to-end.
- Confirm credits, usage metrics, and output links are consistent.
- Set retry and timeout policy for 429/5xx response handling.
- Document rollback procedure for integration incidents.
Key Governance Model
| Scope | Owner | Rotation Window |
|---|---|---|
| Production API | Platform Team | 30-90 days |
| Staging API | Engineering | On each release cycle |
| Developer Sandbox | Individual Dev | On role/offboarding change |