Uses of API keys and secrets

API Methods

API methods that require authentication can be called by passing an Authorization header based on an API key and API secret from your account (Programmable Media's Admin API and the Media Optimizer API), or by calculating a signature based on the parameters you're passing to the API and an API key and API secret (Programmable Media's Upload API).

For enterprise users using our Provisioning API, there are also API keys and secrets for those API methods, which are managed separately to the standard keys. 

Signature validation

An account's API secret is also used by us when calculating signatures, so you can confirm the authenticity of API call responses or Webhooks notifications sent by Cloudinary. For more information about those uses of API keys and secrets, please see the summary documentation for Signature Generation.

Changing API keys and secrets

Depending on your account type and settings the "Getting started" or "Dashboard" parts of the console may show you a key and secret for your account, but not all keys are shown there and the keys cannot be changed from the Dashboard.

Using the Security settings page of your account, you can see all of the existing API keys and secrets for your account, under the "Access Keys" heading, along with the current status of each:

To change a key, you should first create a new key and secret by selecting "Generate New Pair", confirming your user password, and saving the form:

After your application code has been updated to use the new values, you can disable the previous key by changing the "Status" selector to "Disabled", entering your password to confirm the change and then saving the form: