Expiration

The API key expiration length is set to 6 months by default. This is also the recommended expiration length. When creating or regenerating your API keys, you can specify your preferred API key expiration length. The expiration length can vary from 1 minute to 2 years.

Email reminders before expiration

Before the API key expires, we'll send an email notification to the API key's owner.

Identity

The API key for Subscription API inherits the identity of the user who generates the key. Any API operations performed with the key will show in the content item version history and audit log as changes made by the specific user.

Permission

The API key inherits the permissions of the user who creates it. For example, if you have permission to only manage API keys and manage taxonomy, the API key you create allows you to use Management API and work only with the taxonomy endpoints. Using such an API key with any other endpoints will result in an 403 Unauthorized error. The permission inheritance is dynamic. The API key permissions are directly tied to the current role of the user who creates it. If your role permissions change, the permissions of your API key change as well. No need to regenerate the API key.

Revocation

If you regenerate your API key before its expiration date, the API key is revoked after a few minutes, and you get a new API key. For requests made with a revoked API key, you receive the 403 Unauthorized error. You cannot revoke an API key without generating a new one.

Scope

The scope of the API key is per subscription per user. When you create or regenerate an API key in one of your subscriptions, the API key applies to all projects under the subscription.