I believe my API credentials are being misused. What should I do?

Security is essential for us, that’s why only the administrator user of your Merchant portal account can access and manage API credentials.
If you believe that an unauthorized party is using your set of API credentials, head to Settings >

in the Merchant portal, and disable those credentials to ensure they can no longer be used. Then generate a new set of API credentials to replace the previous one in your integration.
Good to know: you can find all API activities between your store and us during the past 7 days under Logs in the Merchant portal. So you can, for example, use this to look for order management actions outside your business hours.