Viewing and Managing API Key Expiration in Amperity

Overview

Customers sometimes need to track when their API keys or Profile API keys expire for security, rotation, or compliance purposes.

This article explains how API key expiration works in Amperity, what information is available in the platform, and what limitations exist.

Common Question

Can Amperity provide a list of expiration dates for all API keys and Profile API keys?

How API Key Expiration Works

API keys in Amperity are issued as JSON Web Tokens (JWTs).

  • Each API key contains an expiration timestamp (exp) embedded inside the token

  • This expiration value is evaluated at runtime when the API is called

  • Amperity does not store or log API key expiration dates in a way that can be queried or exported

Because of this design, Support cannot generate or share a report listing expiration dates for all API keys.

What You Can View in the Platform

While expiration dates are not visible, you can still manage API keys directly from your tenant.

Where to Find Your API Keys

  1. Go to Settings

  2. Open Security

  3. Navigate to the API Keys section

From here, you can:

  • View all active API keys

  • Identify keys by name and purpose

  • Revoke keys that are no longer needed

  • Generate new keys when required

Recommended Best Practices

Since expiration dates are not centrally listed, consider the following:

  • Maintain internal documentation for API key creation dates and owners

  • Rotate API keys on a regular schedule

  • Remove unused or legacy keys promptly

  • Generate new keys before planned integrations or campaigns

  • Use key naming conventions to track purpose and lifecycle

When to Regenerate an API Key

You should regenerate an API key if:

  • The key is close to expiration (based on your internal tracking)

  • The key may have been exposed or shared unintentionally

  • Ownership of the integration has changed

  • An integration stops working due to an expired token

Summary

Amperity does not provide a system-level view of API key expiration dates.
Expiration is embedded within each JWT and evaluated at runtime, not logged or reportable.

Customers are encouraged to manage API keys through Settings → Security → API Keys and follow internal rotation and tracking practices for long-term maintenance.

Applies To

  • API keys

  • Profile API

  • Security settings

  • Tenant access management