Two-Factor Authentication (2FA)
Two-factor authentication adds a second verification step at login, making it significantly harder for an attacker to access your account even if your password is compromised.Scan the QR code
Open your authenticator app (e.g. Google Authenticator or Authy) and scan the QR code displayed on screen.
Confirm with a code
Enter the 6-digit code generated by your authenticator app to verify the setup was successful.
API key management
API keys allow your applications to authenticate with the Zexa API. Treat them with the same care as passwords.Generate an API key
Name your key
Give the key a descriptive name that identifies its purpose, for example
Production App or Staging Environment.Revoke an API key
Go to Settings → API Keys and click Revoke next to the key you want to disable. The key becomes invalid immediately.Best practices
- Use one key per application or environment. Separate keys for production, staging, and development make it easy to rotate or revoke access without affecting other environments.
- Revoke unused keys. Delete any key that is no longer actively used.
- Never commit keys to source code. Avoid checking API keys into version control, even in private repositories.
Active sessions
Review all devices currently logged in to your account. Go to Settings → Security → Active Sessions. Each session entry shows:- Device — browser or app used
- Location — approximate geographic location based on IP address
- Last active — time of most recent activity
Password change
Update your password regularly to maintain account security.- Go to Settings → Security → Change Password.
- Enter your current password, then your new password.
- Click Save.
- Minimum 8 characters
- At least one uppercase letter
- At least one number
- At least one special character (e.g.
!,@,#,$)
If you suspect unauthorised access to your account, revoke all API keys immediately and contact the Zexa support team at suporte@zexa.ao. We will help you secure your account as quickly as possible.
