Configuring API key expiration

IBM® Software Hub API keys do not expire by default. If you want to improve application security, you can configure API keys to automatically expire. You can choose how long API keys are valid after they are created based on your company's security policies.

Who needs to complete this task?
To configure API key expiration, you must have one of the following permissions:
  • Administer platform
  • Manage configurations

When do you need to complete this task?
Complete this task if you want IBM Software Hub API keys to automatically expire.

Before you begin

Before you can complete this task, you must complete the following tasks:

  1. Enabling email notifications
  2. Enabling users to access the web client from platform-generated emails

Best practice: If you configure API key expiration after users create API keys, some API keys might expire as soon as you save your changes. If users already have access to IBM Software Hub, it is strongly recommended that you notify users before you complete this task.

For example, you can create an announcement about the change to let users know that they should generate a new API key and update any applications that use their existing API key.

If you change the API key expiration without any prior warning, users might have difficulty troubleshooting connection issues that occur because of expired API keys.

About this task

When you configure API key expiration, you specify how many days API keys are valid after they are created. For example, if a user created an API key 60 days ago and you configure API keys to automatically expire after 90 days, the user has 30 days remaining until their API key expires.

In addition, you must specify how many days before the API key expires users receive notification emails. The platform enables you to specify when users will receive:
  • Their first notification
  • Their final reminder

If the user allows their API key to expire, the platform will send an additional email to let the user know that their API key expired and provide information on how to generate a new API key.
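
The following Python sketch is an added example, not part of the IBM documentation or product. It applies the expiry arithmetic described above to a list of key creation dates, so that you can see which users to notify before you save the change. The inventory, the function names, and the rule that a key with zero days remaining counts as expired are assumptions; the page does not describe how to export key creation dates.

```python
from datetime import date, timedelta

# Constructed sample data: (key owner, creation date). Not real platform output.
TODAY = date(2025, 1, 31)
INVENTORY = [
    ("alice", TODAY - timedelta(days=60)),   # the 60-day-old key from the example above
    ("bob", TODAY - timedelta(days=270)),    # roughly 9 months old
    ("carol", TODAY - timedelta(days=80)),
    ("dave", TODAY - timedelta(days=89)),
]

def classify_key(created, today, duration_days, first_reminder_days, final_reminder_days):
    """Return (status, days_left) for one key under a proposed expiry policy."""
    days_left = duration_days - (today - created).days
    if days_left <= 0:  # assumption: zero or fewer days remaining means expired
        return "expires_on_save", days_left
    if days_left <= final_reminder_days:
        return "final_reminder_window", days_left
    if days_left <= first_reminder_days:
        return "first_reminder_window", days_left
    return "ok", days_left

def assess_policy(inventory, today, duration_days, first_reminder_days, final_reminder_days):
    """Group every key in the inventory by what the proposed settings would do to it."""
    # Sanity check for this example only, not a documented platform rule.
    if not 0 < final_reminder_days < first_reminder_days < duration_days:
        raise ValueError("expected 0 < final reminder < first reminder < key duration")
    report = {"expires_on_save": [], "final_reminder_window": [],
              "first_reminder_window": [], "ok": []}
    for owner, created in inventory:
        if created > today:
            raise ValueError(f"creation date is in the future for {owner}")
        status, days_left = classify_key(created, today, duration_days,
                                         first_reminder_days, final_reminder_days)
        report[status].append((owner, days_left))
    return report

if __name__ == "__main__":
    report = assess_policy(INVENTORY, TODAY, duration_days=90,
                           first_reminder_days=14, final_reminder_days=2)
    for status, keys in report.items():
        print(f"{status}: {keys}")
```

Owners listed under expires_on_save are the ones whose applications stop authenticating as soon as the setting is saved, so they are the users to contact first.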

Procedure

To configure API key expiration:

  1. Log in to the web client.
  2. Switch to the IBM Software Hub experience, if needed.
  3. From the navigation menu, select Configurations and settings.
  4. Click API security.
  5. Toggle API Expiry to on.
  6. In the API key duration field, specify how many days API keys are valid for.
  7. In the First reminder field, specify when users will receive their first expiration notice.

    For example, you might want to let users know that their API key expires in 14 days.

  8. In the Final reminder field, specify when users will receive their final expiration notice.

    For example, you might want to remind users that their API key expires in 2 days.

  9. Click Save.

Results

Users' API keys will expire automatically based on the API key duration that you set. Some API keys might expire as soon as you save your changes. For example, if a user created their API key 9 months ago and you configure API keys to expire after 90 days, the API key will automatically expire when you save your changes.

Tip: Users can see how many days their API key is valid for in their profile.