How-to

How to rotate your BankBridge API key

2 min read
Go to Settings, click Rotate API Key, confirm. Your old bbk_ key stops working instantly; the new one is shown once in a modal. Copy it and paste into whichever agent host you use. If you use multiple hosts, repeat the paste. The docs pages show the new key inlined automatically the next time you load them.

When to rotate

  • Lost or stolen laptop that had your key in a config file.
  • You pasted the key somewhere public by accident (a gist, a screenshot).
  • You suspect an old agent config still has access.
  • Quarterly rotation as basic hygiene.
  • Switching from a shared work setup to personal.

The flow

  1. Sign in and go to Settings.
  2. Find the API key section. Click Rotate API key.
  3. Confirm in the dialog. The old key stops working the instant you click confirm.
  4. A modal shows your new bbk_… key. This is the only time the raw key is visible — we only store its SHA-256 hash.
  5. Copy the key into your password manager.
  6. Paste into whichever agents use BankBridge (Claude Desktop config, Cursor mcp.json, VS Code settings, etc.).

What happens to your existing agents

Every agent that still has the old key will fail authentication on its next tool call. Most hosts surface this as a 401 error or a reconnect prompt. Claude Desktop will show the connector as disconnected; Claude Code's /mcp will show status failed; Cursor will silently fail on the next tool use.

Fix them one at a time by reopening each host's config and pasting the new key. The auto-inlined snippets at /docs make this a copy-paste; you don't have to find the key anywhere else.

FAQ

Can I have multiple keys active at the same time?

No. BankBridge enforces one active key per user. Rotating replaces the previous key atomically. This is deliberate — it keeps the security model simple and revocation clean.

What if I can't remember where I pasted the old key?

Every doc page at /docs/<host> auto-updates with your new key the next time you load it. Rotate, then open each doc page you actively use and paste the inlined snippet into that host's config.

Does rotation disconnect my banks?

No. Bank connections live separately from API keys. Rotating the key only affects agent access; your connected banks stay connected.