# Reviewing unusual API activity

To assist in protecting your API keys against compromise, Stripe checks your API activity for deviations from past behaviour.
When we detect unusual API activity, we will send you an email notifying you of the fact, along with some information about the activity:
Example of an email you might receive from Stripe for any unusual API activity. It shows the request details including the user agent, device country, and time.
If you recognize this activity, there is nothing to do.
If you don't recognize the activity, you can see more details, along with your options, by pressing the **Review API request** button in the email to see the details of the anomaly.
If you suspect the email might be phishing, you can also navigate directly to the [Suspicious API activity page in the Stripe Dashboard](https://dashboard.stripe.com/settings/suspicious-api-activity). Find the activity in the table and click it.
Check the details and determine whether it was your integration that made the request:
* If you recognize this activity, press the **dismiss** button to move the activity to the resolved section.
* If you don’t recognize this activity, press the **rotate key** button, and you will be guided through the folow to rotate the affected API key. If a key you've already rotated was used for this activity, you will instead have the option to **expire** the key now. In either case, follow the instructions to remediate the API key compromise after rotating or expirinig the key.