You can immediately expire an API key without deleting it. This is useful when:
- A key may have been compromised.
- An employee leaves the organization and their keys should be deactivated.
- You want to deactivate a key while preserving its audit history.
- Navigate to your API Keys portal.
- Locate the key you want to expire.
- Click Force Expire.
The key immediately becomes inactive. Authentication attempts using a manually expired key will fail.
Manually expired keys are not deleted. They remain visible in the API Keys portal with an "Expired" status for audit and tracking purposes.
| Action | Key visible in portal | Audit history preserved | Can be restored |
|---|---|---|---|
| Force Expire | Yes | Yes | No |
| Delete | No | Logged in Audit Log only | No |
Use Force Expire when you need to maintain a record of the key's existence. Use Delete when you want to permanently remove the key from the portal.