Apikey rotation overview

API key rotation allows you to invalidate an existing API key and replace it with a new one. To rotate an API key, you must use a secret key for authentication. The request will fail if you include an API key or basic authentication header. If you have set a value for the Automatic Expiry of API Consumer Key in Mambu UI then the value specified in the Mambu UI will override any value you include in the body of your request to the expirationTime field. For more information, see API key rotation in our User Guide.

Keys that have been invalidated by rotation remain valid for a default grace period of thirty minutes. This value can be configured using the API Key Rotation Grace Period field in the Mambu UI. For more information, see Key rotation grace period in our User Guide.