The API keys page allows you to configure alerts to recommend the renewal of API tokens for internally generated keys.

Renewing tokens periodically is important to ensure security, limit exposure to risks, and control access to resources, minimizing the impact of compromised keys.

By default, the renewal alert is displayed after three months, unless another option is selected. To configure the alert frequency, follow these steps:

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API keys.

2. Click the Settings tab.

3. Choose the desired renewal period:

   • 3 months (recommended)
   • 6 months

4. Click Apply.

This period will apply to all new and existing keys, using the created date as the reference for calculating the duration.

The token doesn't expire after the defined period. This setting only determines when the interface will recommend renewal, it doesn't deactivate the token. The alert serves as a reminder to manually renew the token.

Once the defined period is reached, a renewal alert is displayed next to the key in the Generated tab:

The orange alert means the token has exceeded the recommended usage period by up to three months.

The red alert means the token has been in use for three or more months beyond the specified period.

When you see a key with an alert, renew the token as soon as possible. After renewal, the alert will reappear after the selected period (three or six months), considering the most recent renewal date as the new starting point for calculating the duration.

• API Keys
• Generated keys
• Renewing API tokens