Best Practice On API Key and Secret

I would like to know the best practice with respect to API Key and Secret usage… Currently, we have one key and secret pair which we use in local and lower environments to test…

As we are planning to move to production soon, can we use the same key and secret there as well or would it be good to have for a seperate key and secret for production environment. If seperate key-secret pair is good to have then please let us know how to get that.


Hi @subhadra.ponnada, important question to ask! We’re happy to advise. We provide and require two different sets of credentials for development and production. Here is our documentation on App Credentials, with an example of where you will find Production Credentials within your developer account: .

Let us know if we can provide any further help on this. Since you’re planning on moving to production soon, I’ll also recommend checking out our Submission Checklist: