When you enable secure access for your environment or when you need to preview content, Delivery API requires an API key with each API request.

Expiration

The API key expiration length is set to 1 year by default. This is also the recommended expiration length. When creating or regenerating your API keys, you can specify your preferred API key expiration length. The expiration length can vary from 1 minute to 5 years.

Email reminders before expiration

Before the API key expires, we'll send email notifications to all Project managers in the project.

Revocation

If you regenerate your API key before its expiration date, the API key is revoked after a few minutes, and you get a new API key. For requests made with a revoked API key, you receive the 403 Unauthorized error. The API key isn't revoked if you deactivate secure access for your environment. Such API key remains valid and can be used again once secure access is activated for the environment. 

Scope

The scope of the Delivery API keys depends on how the API keys are configured. The Delivery API keys can be limited to specific environments. For example, an API key can be restricted to the production environment. The Delivery API keys are shared between all Project managers in the project.