For more help creating, deleting, and managing API keys, see the API Keys
documentation.
Best Practices
It’s crucial you handle your API keys securely. Do not share your API key with others or expose it in the browser or other client-side code. Here are some general guidelines:- Store API keys in environment variables.
- Never commit API keys to version control.
- Never hard-code API keys in your code or share them publicly.
- Rotate API keys regularly. If an API key hasn’t been used in the last 30 days, consider deleting it to keep your account secure.
When you create an API key in Resend, you can view the key only once. This
practice helps encourage these best practices.
Example
Many programming languages have built-in support for environment variables. Here’s an example of how to store an API key in an environment variable in a Node.js application.1
Create an environment variable
Once you create the API key, you can store it in an environment variable in a 
.env file..env
2
Add the file to your gitignore
Add the 
.env file to your .gitignore file to prevent it from being committed to version control. Many frameworks already add .env to the .gitignore file by default..gitignore
3
Use the environment variable in your code
ts const resend = new Resend(process.env.RESEND_API_KEY);