Developer Documentation

Everything you need to integrate with the FundraiserMax API. Build custom workflows, sync donor data, and connect AI assistants to your fundraising platform.

Key Rotation

Regular key rotation is a security best practice. FundraiserMax supports zero-downtime rotation with a configurable grace period during which both the old and new secrets are accepted.

How It Works

  1. Call the rotation endpoint to generate a new secret. The old secret enters a grace period (default 24 hours) and continues to work alongside the new one.
  2. Update all of your applications and integrations to use the new secret.
  3. Once the grace period expires, the old secret is permanently invalidated. Only the new secret will be accepted.

Rotation Endpoint

POST /api/v1/api-keys/:id/rotate

Rotate the secret for an existing API key. Returns the new secret (shown only once) and the grace period expiry timestamp.

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Yes | The API key ID to rotate (path parameter). |
| gracePeriodHours | number | No | Hours the old secret remains valid. Defaults to 24. Max 168 (7 days). |

curl -X POST "https://api.fundraisermax.com/api/v1/api-keys/fmx_your_key_id/rotate" \
  -H "X-API-Key: fmx_your_key_id" \
  -H "Authorization: Bearer your_current_secret" \
  -H "Content-Type: application/json" \
  -d '{"gracePeriodHours": 48}'

{
  "newSecret": "fmxs_new_secret_value",
  "gracePeriodEnds": "2026-02-18T12:00:00Z",
  "message": "Old secret will remain valid until the grace period ends."
}

Tip: Set up automated rotation on a schedule (e.g., every 90 days) and use the grace period to deploy updated secrets without downtime.
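
The rotation steps and the scheduling tip above, as an added example (not FundraiserMax's own code): a Python routine that a scheduled job could call. The secret file path, the function names and the injectable `send` transport are assumptions; the endpoint, headers and field names are the ones shown on this page.

```python
import json, os, tempfile, urllib.request
from datetime import datetime

BASE = "https://api.fundraisermax.com/api/v1"
MAX_GRACE_HOURS = 168  # documented maximum (7 days)

def http_post(url, headers, body):
    """Default transport: POST a JSON body, return the decoded JSON reply."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def store_secret(path, secret):
    """Atomically replace the secret file; mkstemp creates it with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        f.write(secret)
    os.replace(tmp, path)

def rotate(key_id, secret_path, grace_hours=24, send=http_post):
    """Rotate key_id using the secret in secret_path; return the grace deadline."""
    if grace_hours > MAX_GRACE_HOURS:
        raise ValueError(f"gracePeriodHours exceeds {MAX_GRACE_HOURS}")
    with open(secret_path) as f:
        current = f.read().strip()
    reply = send(
        f"{BASE}/api-keys/{key_id}/rotate",
        {"X-API-Key": key_id, "Authorization": f"Bearer {current}",
         "Content-Type": "application/json"},
        {"gracePeriodHours": grace_hours},
    )
    # The new secret is shown only once: persist it before anything else can fail.
    store_secret(secret_path, reply["newSecret"])
    # Return only the deadline, so callers cannot log the secret by accident.
    return datetime.fromisoformat(reply["gracePeriodEnds"].replace("Z", "+00:00"))
```

The old secret stops working at the returned deadline, so every application that reads the secret file has to be reloaded or redeployed before then.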