API Keys
Key Pair Structure
Each API key consists of two parts:
| Part | Prefix (live) | Prefix (test) | Description |
|---|---|---|---|
| Key ID | wc_live_ | wc_test_ | Public identifier — safe to log |
| Secret | wcs_live_ | wcs_test_ | Private secret — never log or expose |
Security Best Practices
- Store secrets in environment variables, not in source code
- Use separate keys per integration / environment
- Assign only the minimum scopes needed
- Rotate keys periodically
- Revoke keys immediately if compromised
Managing Keys
Keys are managed in Org Console → Clinic Settings → Developer API.
You can:
- View all active keys and their scopes
- Create new key pairs
- Revoke (cancel) individual keys