Synchronize API Keys Across Devices

By default API Keys are only saved in the local storage of your browser as explained in Security. However you also have the option to synchronize your API Keys across devices, by storing them on our servers.

For details on how we securely handle your synced API keys please see the section on Security

Prerequisites

2FA must be enabled on your account to use this feature.

Setup on your primary device

On the device you have your API keys added and want to sync them:

  1. Navigate to Settings > Accounts

  2. Enable Sync API KEYS

  3. (Alternatively you can also activate it under Settings > General)

  4. Request your verification mail

  5. You will receive an email with a link to verify your device.

  6. Under the SYNC tab you can manage and remove your devices from the sync service.

  7. Once your device has been verified, you can store your API Keys on our servers.

  8. Under the ACCOUNTS tab (Settings > Accounts) you can either choose manually which ones to upload and which ones to keep local only. Or you can enable Auto connect all accounts.

Syncing on a new Device

  1. Log in to your account on a different device

  2. Once again navigate to Settings > General > Sync API Keys

  3. Go to Accounts > Sync

  4. Activate and verify your new device through email as before

  5. Retrieve your keys on this new device.

Note: The importing of the keys might take some time.

Security

We take your security serious! By default API key synchronization is deactivated and you have to activate the opt-in feature first. At any time it requires two-factor authentication (2FA) to be enabled on your account. You can manage API keys and devices individually, potentially excluding sensitive accounts from the sync service. Synchronized keys are stored in a fully isolated environment accessible only by Insilico servers, with no external internet access. For additional protection, all keys are encrypted using the AWS Key Management Service (KMS), adding an extra security layer beyond standard storage encryption. The device verification system ensures that only your explicitly authorized devices can access your keys - and even then, browsers only receive encrypted data. If you remove a verified device from your account, the locally stored keys on that device are automatically disabled, protecting against unauthorized access in case of device compromise.

PreviousAdding your API Key to the TerminalNextProgressive Web App (PWA) Guide

Last updated