API keys

When you enable secure access for your environment or when you need to preview content, Delivery API requires an API key with each API request.

Expiration

The API key expiration length is set to 1 year by default. This is also the recommended expiration length. When creating or regenerating your API keys, you can specify your preferred API key expiration length. The expiration length can vary from 1 minute to 5 years.

Email reminders before expiration

Before the API key expires, we'll send email notifications to all Project managers in the project.

If the expiration date is less than a day apart from the API key's creation date, the email notification is sent immediately.
If the expiration date is between 1–7 days apart form the API key's creation date, the email notification is sent 1 day before the expiration date.
If the expiration date is more than a week apart from the API key's creation date, the email notification is sent 1 week before the expiration date.

Revocation

If you regenerate your API key before its expiration date, the API key is revoked after a few minutes, and you get a new API key. For requests made with a revoked API key, you receive the 403 Unauthorized error. The API key isn't revoked if you deactivate secure access for your environment. Such API key remains valid and can be used again once secure access is activated for the environment.

Scope

The scope of the Delivery API keys depends on how the API keys are configured. The Delivery API keys can be limited to specific environments. For example, an API key can be restricted to the production environment. The Delivery API keys are shared between all Project managers in the project.

Expiration

The API key expiration length is set to 1 year by default. This is also the recommended expiration length.

When creating or regenerating your API keys, you can specify your preferred API key expiration length. The expiration length can vary from 1 minute to 5 years.

Email reminders before expiration

Before the API key expires, we'll send email notifications to all Project managers in the project.

If the expiration date is less than a day apart from the API key's creation date, the email notification is sent immediately.
If the expiration date is between 1–7 days apart form the API key's creation date, the email notification is sent 1 day before the expiration date.
If the expiration date is more than a week apart from the API key's creation date, the email notification is sent 1 week before the expiration date.

Revocation

The API key isn't revoked if you deactivate secure access for your environment. Such API key remains valid and can be used again once secure access is activated for the environment.