Compromised Auth API Keys

If you suspect or are sure that your auth API Keys have been compromised or exposed, you can regenerate or expire them.

How to regenerate or expire auth API Keys

  1. Log in to the Tatum Dashboard.

  2. Navigate to the [API Keys] section.

  3. Find the auth API Key(s) you have issues with.

  4. Access the [...] Menu.

  5. Regenerate or Expire:

    • Regenerate: This will replace the auth API Key with a new one. You will need to update the key anywhere it's used.
    • Expire: This will "expire" the auth API Key. This immediately stops anyone from using it. Virtual Accounts and Notifications are bound by auth API Key; they will stop working.


When regenerating the auth API Key, keep special attention to KMS since it requires a 1:1 match with the auth API Key that broadcasts transactions for signature.


The auth API Keys function as the primary means of authentication for requests made through both the REST API and the Tatum SDK. They facilitate access to sensitive data and critical functionalities within users' applications. Any compromise or breach of these keys may lead to unauthorized access, data breaches, and potential financial loss.

Users are advised that by utilizing our platform and its services, they accept full responsibility for the protection and security of their auth API Keys.

Users are strongly encouraged to exercise due diligence and vigilance in managing and securing their auth API Keys to ensure the continued security of their applications and data.

Our platform disclaims any liability or responsibility for any unauthorized access, data breaches, or financial loss resulting from the misuse or compromise of the auth API Keys.