An NCM API key is equivalent to an NCM user account and should be protected accordingly. If you suspect or know an API key has been compromised, it is strongly recommended to promptly delete, regenerate, and deploy a new API key.
Note
If a compromised API key is integrated into one or more critical business processes, generating and deploying a new API key before deleting the compromised one can ensure business continuity, but also expands the period of time the previous API key could be misused. A risk analysis is recommended to determine the best approach.
To minimize the risk of API key compromise, consider implementing the following security practices:
Periodically rotate (regenerate, deploy, and delete) your API keys
Delete any unused or deprecated API keys