API Key renewal for service account

ganesh_ellappan

Hi Team,

We have a service account and its API key is expiring very soon. We understand from Q documentation that we can create/list/enable/disable/delete API keys.

https://docs.quantexa.com/reference-component/2.4.5/reference/security/authentication/api-key/apikeys-api-reference.html

https://docs.quantexa.com/reference-component/2.4.5/reference/security/authentication/api-key/api-key.html

As I mentioned earlier our API Key is expiring, we are looking to renew the same API key instead of creating a new key. I don't find any relevant information in documention site on how to renew/extend API key for an account.

Could you please suggest ideas on how to renew the API Key?

Current version: 2.4.5

Regards,
Ganesh

Alex_Myers

Hi @ganesh_ellappan ,

By default once an api key has been created, the expiry date cannot be changed. This restriction is a common industry practice to ensure the rotation of api keys for security reasons. While I would expect some additional effort in deployment and configuration, as a best practice we recommend not hard-coding api-keys and to keep references to them as parametrized as possible as they should be rotated on a regular basis.

Stephanie_Richardson

Hi @ganesh_ellappan,

Hope you're well and thanks for the question 😊

Could you please expand on why you're looking to renew your API key, rather than create a new one?

Thanks,

Stephanie

ganesh_ellappan

Hi @Stephanie_Richardson

We are using API Key in various places within our system. If we create a new key, we will have to update the new key wherever applicable, code changes required and need to go through CICD which will be little complicated.

However we are interested in renewing the same API key for now. Could you please suggest?

Thanks,

Ganesh

ganesh_ellappan

Got it. Thanks for confirming @Alex_Myers