To safely rotate API keys in your Stream application while maintaining service for existing users:
1. Keep both the old and new API keys active on your server
2. Configure your server to handle token generation for both keys:
   - Have your client send the API key when requesting a token
   - Create the appropriate Stream client with the matching secret based on which API key is being used
   - Generate JWT tokens using the corresponding secret key
3. Release an app update with the new API key
4. Maintain support for both keys until all users have updated
This approach ensures a smooth transition without service interruption for users who haven't yet updated their app.
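
The server-side half of steps 1, 2 and 4, as an added Python sketch that is not Stream's own code: the API key sent by the client only selects which secret signs the token, and unknown keys are refused. Assumptions: the key and secret values are constructed placeholders, `sign_hs256` stands in for the Stream SDK's token call with a `user_id` claim, and `issue_token`, `KEYRING` and `usage` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
from collections import Counter

# Constructed placeholder credentials; load real ones from a secret store.
KEYRING = {
    "old_api_key_placeholder": b"old_secret_placeholder",
    "new_api_key_placeholder": b"new_secret_placeholder",
}
usage = Counter()  # tokens issued per API key, to see when the old key goes idle


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Stand-in for the SDK's token call: build a compact HS256 JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    signing_input = f"{header}.{body}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def issue_token(api_key: str, authenticated_user_id: str) -> str:
    """Issue a token for a user the server has already authenticated.

    The user id must come from the server's own session, not from the request.
    """
    secret = KEYRING.get(api_key)
    if secret is None:
        # Unknown or retired key: refuse rather than fall back to a default.
        raise PermissionError("unrecognized API key")
    usage[api_key] += 1
    return sign_hs256({"user_id": authenticated_user_id}, secret)


def verify_hs256(token: str, secret: bytes) -> bool:
    """Check a token's signature against one secret, in constant time."""
    signing_input, _, sig = token.rpartition(".")
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256)
    return hmac.compare_digest(sig, _b64url(mac.digest()))
```

Once `usage` shows no more requests for the old key, delete its entry from `KEYRING` so the retired secret can no longer sign tokens.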