Incident Response

Last updated: February 2, 2026

What to Do if Keys Are Compromised

If your API key is compromised:

  1. Immediately revoke the key in the Dashboard:

    • Navigate to Developer → API Keys

    • Find the compromised key and click Delete

    • Confirm the deletion

  2. Generate a new API key and update your application

  3. Update your environment variables with the new key before deleting the old one

Important: Deleted keys stop working immediately. Ensure you've updated your application with a new key before deleting the old one.

Reporting Security Concerns

Contact HIFI support directly:

  • 📧 Email: support@hifi.com

  • 💬 Slack: Message in your shared Slack channel

Security Best Practices

  • Store API keys securely (environment variables, secrets manager)

  • Never commit API keys to version control

  • Never expose keys in client-side code or public repositories

  • Use separate keys for sandbox and production environments