Uses of API keys and secrets

API Methods

Most API methods require authentication, which is 1) automatically handled for you when using our SDKs or 2) handled by manually creating a signature if using our SDKs doesn't work for your use case. Both require an API key and API secret tied to your account.

For enterprise users using our Provisioning API, there are also API keys and secrets for those API methods, which are managed separately from the standard keys. 

Signature validation

An account's API secret is used by Cloudinary when creating signatures, so you can confirm the authenticity of API call responses or webhook notifications sent by Cloudinary. For more information about those uses of API keys and secrets, please see the summary documentation for Signature Generation.

Changing API keys and secrets

Depending on your account type and settings, the "Getting started" or "Dashboard" parts of the console may show you a key and secret for your account, but not all keys are shown there and the keys cannot be changed from the Dashboard.

Using the Access Keys page of your settings of your account, you can see all of the existing API keys and secrets for your account, along with the current status of each:

To change a key, you should first create a new key and secret by selecting "Generate New Access Key", confirming your user password, and saving the form.

After your application code has been updated to use the new values, you can disable the previous key by changing the "Status" selector to "Disabled", entering your password to confirm the change and then saving the form.