This feature is in closed beta, so only selected clients can access it now. If you are interested in implementing it in the future, please contact our Support team.

The older the token, the greater the risk of exposure and potential damage to the operation. The token renewal procedure guarantees the continuity of your store security and minimizes potential vulnerabilities.

Renew the API token before the duration ends to maintain continuous access to resources and preserve security.

Follow the steps below to renew the token of an API key:

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.

2. Make sure you are in the Generated tab.

3. In the row of the desired API key, click the kebab menu (⋮) and then Renew Token.

4. Click Copy to copy the API token to the clipboard. This secret will only be displayed once. Save it in a safe place.

5. In the section Delete Old Token, check one of the following options:

   • Later: You must manually delete the old token once the new token is in use in the integrations. Both tokens will be valid and functional until the old one is deleted. In the list on the Generated tab, in the Token Duration column, the duration of both tokens will be displayed, until the old one is deleted.

   • Now: The old token will be deleted from the system at the end of the renewal process and only the new token will be valid.

   If the page is closed before selecting a deletion method in this step, the Later option will be applied, meaning that you will need to delete the old token manually.

6. Click Complete.

Ensure the API key is no longer in use by any integration before deleting it. This action cannot be undone.

Follow the instructions below to manually delete an old token after renewal. This procedure is only possible when the Later option for deletion was selected during the token renewal process.

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.
2. Make sure you are in the Generated tab.
3. In the row of the desired API key, click the kebab menu (⋮) and then Delete Old Token.
4. Click Delete to confirm.

This procedure is only possible if the old token has not been deleted. If the old token has been deleted, you will need to renew the token again or delete the API key.

If you renewed your token by mistake or forgot to copy the newly generated token, follow the steps below to undo the renewal.

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.
2. Make sure you are in the Generated tab.
3. In the row of the desired API key, click the kebab menu (⋮) and then Undo Renewal.
4. Click Undo to confirm.

• API Keys (Beta)
• Configuring the duration of API keys (Beta)
• Generated keys (Beta)