API keys provide full access to your MailChimp account, so always keep them private.

  • If you're issuing an API key for an app, give it an appropriate label. That way, you can easily revoke it later if you ever need to.
  • Be careful not to expose the key to the public (such as in screenshots, videos, help documentation, etc.). Remember that blurring your data isn't always enough. It's best to use "cut" functions in your graphics program to remove the data completely.
  • Don't share the key with anybody. Not even your mom. And don't hide a copy under your door mat. The bad guys already know to look there.

If you have done any of these naughty things previously, you can disable the current keys in your account by visiting account > api keys and info. Disabling an API key immediately renders it unusable.
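A pre-publish check for the exposure risk described above, as an added example that is not part of the original article: it scans text such as help documentation or pasted configuration for key-shaped strings, reports them masked, and redacts them. The key pattern (32 hex characters plus a `-usN` data-center suffix) is an assumption not stated on this page, and the sample text is constructed.

```python
import re

# Assumed key shape (not stated on this page): 32 lowercase hex characters,
# a hyphen, then a data-center suffix such as "us6". The lookbehind keeps the
# pattern from matching the tail of a longer hex string.
KEY_RE = re.compile(r"(?<![0-9a-fA-F])([0-9a-f]{32})-(us\d{1,2})\b")


def mask(match):
    """Show only the last 4 hex characters so the report never repeats the key."""
    return "*" * 28 + match.group(1)[-4:] + "-" + match.group(2)


def find_keys(text):
    """Return (line_number, masked_key) for every key-shaped string in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            hits.append((lineno, mask(match)))
    return hits


def redact(text):
    """Replace each key-shaped string entirely, the text equivalent of 'cut'."""
    return KEY_RE.sub("[REDACTED API KEY]", text)


# Constructed sample: two fake keys and one 40-character commit hash that
# must not be flagged.
SAMPLE = """\
Step 3: paste your key into the plugin settings.
api_key = 0123456789abcdef0123456789abcdef-us6
curl --user 'anystring:fedcba9876543210fedcba9876543210-us12' https://example.invalid/
Commit 0123456789abcdef0123456789abcdef01234567 is not a key.
"""

if __name__ == "__main__":
    for lineno, masked in find_keys(SAMPLE):
        print(f"line {lineno}: possible API key {masked}")
    print(redact(SAMPLE))
```

Any key this check finds in material that has already been published should be treated as exposed and disabled in the account, since redacting the text afterwards does not undo the disclosure.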

