# How to Rotate Your API Key Safely > When and how to rotate your Trader Journal API key, and how to update your MT4/MT5 EA after rotating. **Tags:** api-key, security, account-management, trader-journal **URL:** https://traderjournal.app/app-guide/how-to-rotate-api-key --- # How to Rotate Your API Key Safely Your Trader Journal API key is the credential your MT4 or MT5 EA uses to authenticate with the sync server. If you ever need to change it - for security reasons or because you suspect it was exposed - here is how to do it correctly. --- ## When to Rotate Your API Key Rotate your API key if: - You shared it accidentally (for example, in a screenshot that showed the EA configuration) - You are switching from one PC to another and want to clean up old credentials - You suspect someone else has access to your account - You want to revoke access from a specific device or installation For normal ongoing use, you do not need to rotate keys on a schedule. Rotate on a reason, not a timer. --- ## How to Rotate the Key 1. Open Trader Journal 2. Go to the Accounts tab 3. Tap the account you want to update 4. Select Rotate API Key 5. Confirm in the dialog that appears The old key is immediately invalidated. A new key is generated and shown on screen. Copy it now - it is shown in full only once. --- ## Updating the EA After Rotation After rotating, your EA in MetaTrader is still using the old key. It will start failing to push data because the old key is rejected by the server. You will see errors in the MT4/MT5 Experts log. To update: 1. In MetaTrader, right-click the EA on the chart 2. Select Modify inputs (or double-click the EA icon in the top-right of the chart) 3. In the Inputs tab, find the ApiKey field 4. Replace the old value with your new key 5. Click OK The EA will immediately start using the new key and the next push cycle will succeed. --- ## The Key Prefix in Settings The Settings tab of Trader Journal shows the first 8 characters of your current API key. This prefix is not sensitive - it is visible in the UI to help you verify which key is active without exposing the full value. If the prefix shown in the app matches the first characters of the key you entered in your EA config, they are in sync. If they do not match, the EA is using an old or incorrect key. --- ## Multiple Accounts and Key Rotation Each account has its own independent API key. Rotating the key on one account does not affect your other accounts. If you have multiple EAs running for multiple accounts, only update the specific EA associated with the account whose key you rotated.