ShieldKey provides information about protect your meta api tokens. Secure your Meta Graph API tokens with proxy tokens, instant revocation, and audit logs. Prevent ad account and page manipulation.

AES-256-GCM encrypted Zero-knowledge architecture We never see your keys Read security model

Protect Your Meta API Tokens

Wrap your Meta Graph API tokens in proxy tokens with IP restrictions and instant revocation — protect ad accounts and pages.

Start Free Read Docs
<25ms p50proxy overhead
AES-256-GCMencryption
IP + rate + geoenforcement
99.95%uptime

Before & After

See how ShieldKey protects your Meta (Facebook) integration with minimal code changes.

Before — raw Meta (Facebook) key 
import bizSdk from "facebook-nodejs-business-sdk";

const api = bizSdk.FacebookAdsApi.init(
  "EAAGabc123..."  // ← ad account access token
);

const account = new bizSdk.AdAccount("act_123456");
const campaigns = await account.getCampaigns([]);
After — ShieldKey proxy token 
import bizSdk from "facebook-nodejs-business-sdk";

const api = bizSdk.FacebookAdsApi.init(
  "sk_shield_t_8d4b..."  // ← revocable proxy token
);
// Routes through proxy.shieldkey.io

const account = new bizSdk.AdAccount("act_123456");
const campaigns = await account.getCampaigns([]);

What ShieldKey Does for Your Meta (Facebook) Keys

Instant Revocation

Disable any team member's access to your Meta (Facebook) key in one click. No key rotation. No downtime. No re-deploying environment variables.

Spend Limits

Set per-token spend caps so a compromised token can't run up your Meta (Facebook) bill. Get alerts before limits are hit.

IP Allowlisting

Restrict each shield token to specific IPs or CIDR ranges. Even if a token leaks, it's useless from unauthorized networks.

Full Audit Trail

See every API call made through your Meta (Facebook) key — who made it, when, from where, and what they accessed.

Zero-Knowledge Encryption

Your Meta (Facebook) key is encrypted with AES-256-GCM. It's only decrypted in memory during request proxying — never stored in plaintext.

Team Access Control

Issue individual shield tokens to each team member. When someone leaves, revoke their token — everyone else keeps working.

FAQ

How do I protect my Meta (Facebook) API key?

Add your Meta (Facebook) key to ShieldKey's encrypted vault. ShieldKey generates a proxy token (starting with sk_shield_t_) that your team uses instead. Your real EAA key stays encrypted and is never exposed to team members.

Can I use ShieldKey with the facebook-nodejs-business-sdk SDK?

Yes. Point your facebook-nodejs-business-sdk SDK at proxy.shieldkey.io and use a shield token instead of your real API key. The SDK works identically — ShieldKey transparently proxies every request.

What happens to my Meta (Facebook) key if a team member leaves?

Revoke their shield token from the dashboard. Your real Meta (Facebook) key stays active — no rotation, no downtime, no re-deploying secrets across services. Everyone else keeps working without interruption.

Does ShieldKey add latency to Meta (Facebook) API calls?

ShieldKey's proxy adds less than 25ms at the p50. The proxy decrypts your key in memory, forwards the request, and streams the response back. For most Meta (Facebook) API calls, this overhead is negligible.

Protect Your Meta (Facebook) Keys Now

Set up ShieldKey in under 5 minutes. No credit card required.

Start Free