Find more about how to manage your API keys.The API key expiration length is set to 6 months by default. This is also the recommended expiration length.When creating or regenerating your API keys, you can specify your preferred API key expiration length. The expiration length can vary from 1 minute to 2 years.Before the API keys expire, the users who can manage the API keys are notified via email.The Management API key is standalone and not tied to any individual user. API operations performed with the Management API key are shown in the content item version history and audit log as changes made by the specific API key.The Personal API key inherits the identity of the user who generates the key. API operations performed with the personal API key are considered changes made by the specific user.The personal API key dynamically inherits the permissions of the user who creates it. For example, if you have the Manage taxonomy permission, the personal API key grants access only to Management API endpoints for managing taxonomy groups. Using such an API key with other endpoints results in a 403 Unauthorized error. If your role permissions change, your personal API key's permissions also change.The Management API key's permissions are customizable. You can tailor them to your specific apps and integrations. For example, you can configure a Management API key to grant read-only access to your content items.If you regenerate your API key before its expiration date, the API key is revoked after a few minutes, and you get a new API key. For requests made with a revoked API key, you receive the 403 Unauthorized error.The API key isn't revoked if you deactivate the Management API for the environment. Such API key remains valid and can be used again once Management API is activated for the environment.For the Management API key, the scope is per project because it's not tied to any specific user. For Personal API keys, the scope is per project per user. The scope of each API key might also be limited to specific environments.This means you can use a single API key for all your project's environments. For example, if you clone an environment using the API, you can use your current API key for the cloned environment.
Management API keys with a static set of customizable permissions. Use unique Management API keys when integrating with third-party services or for continuous usage in production.
Personal API keys with a dynamic set of inherited permissions. The API key has the same permissions as its owner. Use personal API keys in your personal projects for testing. Don’t share your personal API keys with anyone else.
If the expiration date is less than a day apart from the API key's creation date, the email notification is sent immediately.
If the expiration date is between 1–7 days apart form the API key's creation date, the email notification is sent 1 day before the expiration date.
If the expiration date is more than a week apart from the API key's creation date, the email notification is sent 1 week before the expiration date.
