{"section":"announcements","requestedLocale":"en","requestedSlug":"2025-08-12-api-keys-improvements-for-more-security-control-and-visibility","locale":"en","slug":"2025-08-12-api-keys-improvements-for-more-security-control-and-visibility","path":"docs/en/announcements/2025/august/2025-08-12-api-keys-improvements-for-more-security-control-and-visibility.md","branch":"main","content":"To optimize access credential management and increase security, we've enhanced the **API keys** experience. These updates are now available to all accounts.\n\n![generated-keys-en](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/announcements/2025/august/2025-08-12-api-keys-improvements-for-more-security-control-and-visibility_1.png)\n\n## What has changed?\n\nWe've grouped the new features into three categories to improve security, simplify administration, and increase visibility of your API keys.\n\n### Secure sharing\n\nNow, instead of viewing the new token directly when generating and renewing it, you will receive a single-access link. This change aims to increase security when sharing sensitive data and reduce the attack surface.\n\nThe single-access link can be copied for later access or shared with the person who needs to use it. The link can only be accessed once, as it expires when clicked. If there are no interactions within 24 hours, the link also expires.\n\n![one-time-link-en](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/announcements/2025/august/2025-08-12-api-keys-improvements-for-more-security-control-and-visibility_2.png)\n\n> ⚠️ The official URL for accessing the token always follows the format `share.vtex.com/credentials/{token}`. The `{token}` is a random identifier generated when the key is created or renewed. Check the link format before accessing it to avoid phishing attempts or malicious pages.\n\n### Simpler management\n\n* **API key export**: Now you can generate an XLSX file containing information on both external API keys and the ones created in your account.  \n\n* **Enhanced search feature**: The API key list now supports searching by nickname in addition to the original key name.\n\n### Alert optimization\n\n* **Token renewal**: We've removed the **Token duration** column to simplify key management. The system now shows renewal alerts based on the configured period (3 or 6 months), while maintaining the token's validity.  \n\n  See below how alerts display in the API key row:\n\n<table>\n  <tr>\n    <td>\n      <img src=\"https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/announcements/2025/august/2025-08-12-api-keys-improvements-for-more-security-control-and-visibility_3.png\" alt=\"renew-recommended-en\">\n    </td>\n  </tr>\n  <tr>\n    <td>\n       The orange alert means the token has exceeded the recommended usage period by up to three months.\n    </td>\n  </tr>\n</table>\n\n<br />\n\n<table>\n  <tr>\n    <td>\n      <img src=\"https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/announcements/2025/august/2025-08-12-api-keys-improvements-for-more-security-control-and-visibility_4.png\" alt=\"renew-highly-recommended-en\">\n    </td>\n  </tr>\n  <tr>\n    <td>\n       The red alert means the token has been in use for three or more months beyond the specified period.\n    </td>\n  </tr>\n</table>\n\n* **Pending token deletion**: We've added alerts to notify you when the deletion of an old token is pending after [renewal](/en/docs/tutorials/renewing-api-tokens).\n\n<table>\n  <tr>\n    <td>\n      <img src=\"https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/announcements/2025/august/2025-08-12-api-keys-improvements-for-more-security-control-and-visibility_5.png\" alt=\"pending-deletion-alert-en\">\n    </td>\n  </tr>\n  <tr>\n    <td>\n      General alert, at the top of the **Generated** tab.\n    </td>\n  </tr>\n</table>\n\n<br />\n\n<table>\n  <tr>\n    <td>\n      <img src=\"https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/announcements/2025/august/2025-08-12-api-keys-improvements-for-more-security-control-and-visibility_6.png\" alt=\"delete-pending-en\">\n    </td>\n  </tr>\n  <tr>\n    <td>\n      Alert in the row of the specific generated key.\n    </td>\n  </tr>\n</table>\n\n## Why did we make this change?\n\nWe made these improvements to provide a more intuitive and complete experience for managing API keys, boosting operational security and efficiency.\n\nThe goal is to offer greater security and ease of use, including:\n\n* Increased protection when sharing tokens, reducing the risk of accidental exposure.  \n* Streamlined collaboration between account management and development teams.\n\n## What needs to be done?\n\nNo action is needed. This update will be automatically applied to all accounts.\n\nSee the updated documentation to explore all features:\n\n* [API keys](/en/docs/tutorials/api-keys)  \n* [External keys](/en/docs/tutorials/external-keys)  \n* [Generated keys](/en/docs/tutorials/generated-keys)  \n* [Configuring alerts to renew API tokens](/en/docs/tutorials/configuring-alerts-to-renew-api-tokens)  \n* [Exporting API keys](/en/docs/tutorials/exporting-api-keys)  \n* [Renewing API tokens](/en/docs/tutorials/renewing-api-tokens)"}