New Access Key Management July 09, 2024 15:03 Updated Índice: Introduction What has changed with the access key? How to create a new access key? Deleting an access key HTTP Configuration Security Recommendations Introduction In this article, you will learn more about the changes in chatbot access key management. The new key management aims to increase security and provide users with better management of their keys, such as creation and removal directly in the portal. We advise you to change the keys periodically (e.g., every 6 months) as a best security practice, store the information in a safe place, and never share this information. What has changed with the access key? Before the new management tool, it was not possible to change access keys; they were obtained through the Settings menu and then accessing the Connection Information screen as shown in the image below: Now, this information is found in the Settings menu and then by accessing the Access Keys screen. On this new screen, you can manage the keys, such as creating and removing access keys. For your security, the access key will only be displayed at the time of creation and cannot be viewed again in the portal, thus avoiding unnecessary exposures. How to create a new access key? Only chatbot administrators will have access to this feature. Access the blip.ai portal and select the desired bot. Once loaded, click on the Settings menu and go to the Access Keys screen. Default key: For the chatbot to work correctly, a default access key is required. When creating a new chatbot, this default key is automatically generated. To change the default key, simply create a new key, and the last key generated will become the default. A key marked as default cannot be deleted. On the Access Keys screen, click the New Key button, enter a name of your choice for the key, and click Create. After clicking the Create button, a new screen will appear that will display the newly generated key only once. On this screen, you can verify your new key in HTTP or SDK format. Save this information in a safe place for later use and never share your key. As a security measure, we recommend periodically changing the key. Authentication Types: SDK Format: Used for projects with SDK integration, such as Blip C# SDK, Blip Javascript SDK, Blip Python SDK, or Lime SDK. HTTP Format: Used in the header (Authorization) of an HTTP request, such as in integrations or HTTP requests to Blip. To learn more about authentication types (SDK and HTTP), visit the documentation at https://docs.blip.ai/#authentication After creating the key, a reference to the key will be displayed on the key management screen, allowing you to consult its information and also remove the correct key. Deleting an access key Before performing the process, ensure that there are no integrations with BLIP using the key you want to delete. We recommend generating a new key, updating your integrations, and then proceeding with the deletion of the old key. To delete an access key, click the trash icon on the desired key. Confirm the deletion by clicking the Delete button. A message saying Key successfully deleted will be displayed, completing the deletion process. HTTP Configuration To change the bot's HTTP configuration, you will now need to provide your SDK key, thus increasing the security of who can change this information for your chatbot. Security Recommendations 1. Periodically change the security key: It is recommended to change the access key periodically, for example, every 6 months. Since the key does not expire, if it is obtained improperly, it could be used indefinitely until it is deactivated. 2. Store the key in a safe place: Do not store the access key in a public place. Store the generated key in a safe place, such as a password manager or a privileged access manager, preferably one with access management to saved information. 3. Sharing the access key: Only do this if you trust who you are sharing the information with (application or person). Be careful when sharing the access key; use a secure method to share information, such as a password manager or a privileged access manager with access management. 4. Do not leave the key in the code: Do not leave the access key directly in your application code. You should keep secrets separate from your code, for example, in configuration files or environment variables. For more information, join the discussion on the topic in our community or watch the videos on our channel. 😃 Related articles Builder variables Active Messages - Error Codes Action: HTTP request How to build bots using SDKs or HTTP API How to Use Queue Management for Routing Support Tickets