# API secret - overview
The API secret is used for authentication in the most critical parts of the system where access should be limited. For example, the API secret is used in REST APIs and webhooks mechanisms.
Each environment has one API secret, but it can be changed.
For security reasons, the API secret should be kept in a safe place.
# API secret management
The API secret is available for every environment in the CKEditor Ecosystem customer dashboard for SaaS or in the Management Panel for On-Premises. To find it, please follow the steps below:
- From the list of environments select one that you want to manage:
- Go to the “API configuration” tab and click the “Refresh” button in the “API secret” section:
- Read message and click the “Refresh” button to create a new API secret:
- Copy the newly generated API secret and save it in a safe place. It will not be possible to display this API secret again.
If by any chance your API secret is made public, it should be changed immediately by using the “Refresh” button shown in the image above.