Skip to main content

How to Update Environment Variables When You Generate a New API Key

Updated over a week ago

When onboarding a new hospital, you’ll create a dedicated API key in the Corti Console to ensure data segregation and maintain strict access controls. While the API client and client key will be unique to the hospital, your tenant and environment will remain the same—allowing you to reuse most of your existing integration for a faster and smoother setup. This guide explains how to update your environment variables or configuration files with the new credentials to securely extend your integration to the new hospital.

When Should You Update Environment Variables?

You should update your environment variables or configuration files whenever:

  • You generate a new API client key in the Corti Console.

  • You rotate API credentials as part of your security policies.

  • An old API key is deprecated or disabled.

👉 Note: Even though your tenant and environment stay the same, the API client and client key represent the identity your system uses to access Corti’s APIs. Failing to update credentials will result in failed authentication attempts.

How to Update Your Integration

1️⃣ Locate your environment variables or configuration files

Typically, your API credentials are stored in:

  • .env files (e.g. CORTI_CLIENT_ID=..., CORTI_CLIENT_SECRET=...)

  • Secret managers (e.g. AWS Secrets Manager, Azure Key Vault, GCP Secret Manager)

  • Environment variables set in CI/CD pipelines or deployment scripts


2️⃣ Replace old values with new API client credentials

After generating your new API client key in the Corti Console:

  • Update CORTI_CLIENT_ID (or equivalent) with your new API client ID

  • Update CORTI_CLIENT_SECRET (or equivalent) with your new client secret

Example:

# Old values
CORTI_CLIENT_ID=old-client-id-123
CORTI_CLIENT_SECRET=old-client-secret-abc

# New values
CORTI_CLIENT_ID=new-client-id-456
CORTI_CLIENT_SECRET=new-client-secret-def

👉 Tip: If you use a secret manager, be sure to version or tag the updated secret so your applications retrieve the latest values.


3️⃣ Restart or redeploy your service

Depending on how your application loads configuration:

  • Restart your app to pick up the updated variables.

  • Trigger a redeploy in your CI/CD pipeline to refresh the environment.


4️⃣ Verify the update

✅ Send a test request to the Corti API.

✅ Confirm that your app successfully authenticates using the new credentials.

✅ Check your logs or monitoring system for authentication success.


Best Practices

  • Never hard-code API keys in source code: Always use environment variables or secure secrets management.

  • Remove or disable old API clients: Once you verify your new credentials work, clean up unused clients in the Corti Console.

  • Audit access: Ensure only necessary team members have permission to view or generate API client keys in the Corti Console.

Did this answer your question?