Browse docs

Features

Secure Feed URLs and Rotatable Keys

How Cybora secures feed access with HTTPS and license keys, and what admins should consider after leaks or device changes.

Last updated: June 26, 2026

On this page

A Cybora feed URL contains a license key. It should therefore be treated like a secret: do not publish it in public tickets, screenshots, chat rooms, documentation, or example configurations.

Delivery happens over HTTPS. The key authorizes feed retrieval and assigns usage to a plan, device, or logical edge.

Why feed URLs are sensitive

Anyone with a complete feed URL can generally attempt to retrieve the feed. Even though rate limits and abuse protections help, correct key handling is essential.

Typical leak sources include:

  • screenshots from firewall configurations
  • internal wikis or public documentation
  • support tickets with the full URL
  • chat history
  • shared test scripts

Key rotation

If a key was exposed or a device is replaced, it should be rotated. After that, the firewall configuration must be updated with the new feed URL. For MSPs, this rotation should be as targeted as possible per customer or site.

The exact workflow is documented in Key Rotation.

Good practice

Use placeholders in documentation and tickets, for example:

https://api.cybora.io/feed?key=<LICENSE_KEY>&type=ipv4

Share real keys only through designated secure channels and verify after changes that the firewall still retrieves the feed successfully.