{"section":"announcements","requestedLocale":"en","requestedSlug":"2024-12-03-api-keys-new-experience-focused-on-usability-and-security","locale":"en","slug":"2024-12-03-api-keys-new-experience-focused-on-usability-and-security","path":"docs/en/announcements/2024/december/2024-12-03-api-keys-new-experience-focused-on-usability-and-security.md","branch":"main","content":"We've introduced a new [API Key](/en/docs/tutorials/api-keys) management experience to give you more efficient control over your credentials.\n\nThis update includes an optimized interface for easier management and new security-oriented features, such as setting token duration, renewing tokens, and deleting unused keys.\n\n![apikeys-en](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/announcements/2024/december/2024-12-03-api-keys-new-experience-focused-on-usability-and-security_1.png)\n\n## What has changed?\n\nSee all updates below:\n\n| Change | Description |\n| ---- | ---- |\n| **Name** | We have changed *application keys* to *API keys* in the Admin interface. |\n| **Design** | The interface for managing, creating, and editing API keys has been redesigned to provide a more intuitive and efficient experience. |\n| **Key separation** | Internally generated keys and external keys are now organized into separate tabs to make managing each type easier. |\n| **Token duration** | All internally generated API tokens now have a default duration of 3 months, which can be changed to 6 months in the interface.<br /><br />The setting applies to all new and existing tokens generated on the account and uses the key's created date as a reference for calculating duration. <br /><br />The duration of external tokens is visible and configurable only to the account that created the token.<br /><br />When generated tokens become outdated, this information will be displayed in the Admin interface. This outdated status has no impact on token usage — it's just a visual indicator to reflect the token status and suggest renewal.<br /><br />Learn more in [Configuring the duration of API keys](/en/docs/tutorials/configuring-alerts-to-renew-api-tokens). |\n| **Token renewal** | Now, you can renew the tokens of the keys generated in your account. This feature allows you to choose whether to delete the old token immediately or later.<br /><br />If you choose to delete it later, both tokens will be valid and functional until the old one is deleted, allowing the merchant to update the token used in integrations without jeopardizing the operation.<br /><br />Learn more in [Renewing API tokens](/en/docs/tutorials/renewing-api-tokens). |\n| **API key deletion** | Merchants can now delete API keys that will no longer be used. |\n| **Specific permissions** | New permissions required to manage API keys: <br /><ul class=\"t-body c-on-base mb7 lh-copy\"><li class=\"t-body c-on-base mb5 lh-copy\">*View API Keys* (view, filter, search, and sort generated and external API keys)</li><li class=\"t-body c-on-base mb5 lh-copy\">*Edit API Keys* (create, delete, change status, and add or remove API key permissions)</li><li class=\"t-body c-on-base mb5 lh-copy\">*Renew API Token* (view and renew tokens for generated keys)</li><li class=\"t-body c-on-base mb5 lh-copy\">*Edit API Keys settings* (edit the settings for the duration of generated key tokens)</li></ul>Learn more in [License Manager resources](/en/docs/tutorials/license-manager-resources). Users with permissions to manage users and roles will automatically receive the new permissions, as shown in the table: <br /><br /><table><thead><tr class=\"bb b--muted-4\"><th class=\"t-body fw5 c-muted-1 bw1 pa3 pb3 b--muted-4 tl\">Users with…</th><th class=\"t-body fw5 c-muted-1 bw1 pa3 pb3 b--muted-4 tl\">They automatically receive…</th></tr></thead><tbody><tr class=\"bb b--muted-4\"><td class=\"t-body pa3 bb b--muted-4\">Get account by identifier</td><td class=\"t-body pa3 bb b--muted-4\">View API Keys</td></tr><tr class=\"bb b--muted-4\"><td class=\"t-body pa3 bb b--muted-4\">Get paged users</td><td class=\"t-body pa3 bb b--muted-4\">View API Keys</td></tr><tr class=\"bb b--muted-4\"><td class=\"t-body pa3 bb b--muted-4\">Get paged roles</td><td class=\"t-body pa3 bb b--muted-4\">View API Keys</td></tr><tr class=\"bb b--muted-4\"><td class=\"t-body pa3 bb b--muted-4\">Find user by email</td><td class=\"t-body pa3 bb b--muted-4\">View API Keys</td></tr><tr class=\"bb b--muted-4\"><td class=\"t-body pa3 bb b--muted-4\">Save user</td><td class=\"t-body pa3 bb b--muted-4\">Edit API Keys</td></tr><tr class=\"bb b--muted-4\"><td class=\"t-body pa3 bb b--muted-4\">Owner - Super Admin</td><td class=\"t-body pa3 bb b--muted-4\">Edit API Keys settings</td></tr><tr class=\"bb b--muted-4\"><td class=\"t-body pa3\">[User Administrator - RESTRICTED](/en/docs/tutorials/predefined-roles#user-administrator-restricted)</td><td class=\"t-body pa3\">Renew API Token</td></tbody></table>  |\n\n## Why did we make this change?\n\nThe new experience aims to provide greater control and security over your API keys while improving usability. The interface streamlines managing different types of keys and improves information visibility.\n\nAdditionally, configurable token durations add an extra layer of security, while renewal options help ensure uninterrupted store operations.\n\n## What needs to be done?\n\nFollow the steps below to access the new experience:\n\n1. In the top bar of the VTEX Admin, click your **profile avatar** — indicated by the first letter of your email — and then click **Account settings** > **API Keys**.  \n2. Click `Try new experience`.\n\nYou can switch to the previous version of the page anytime by clicking `Switch to the previous version`.\n\nFor more information, see the related documentation:\n\n* [API Keys](/en/docs/tutorials/api-keys)  \n* [Configuring the duration of API keys](/en/docs/tutorials/configuring-alerts-to-renew-api-tokens)  \n* [Generated keys](/en/docs/tutorials/generated-keys)  \n* [Renewing API tokens](/en/docs/tutorials/renewing-api-tokens) \n* [External keys](/en/docs/tutorials/external-keys)"}