API keys have a default expiration period, which you specify when you configure the API key consumption settings. For more information, see Configuring the API Consumption Settings.

You can also change expiration period for the API key or set it so that the key never expires.

Sometimes you might have to require an approval to renew (refresh) the API key. If you selected the Require Approval option when you configured the API key consumption settings, CentraSite will not renew the API key until the required approvals are obtained. However, if an approval workflow is not configured for the API, the key is renewed instantly. For more information about approval actions, see Working with Approval Workflows.

Once the API key renewal request is approved by the designated approvers, an email notification informing the new validity of API key is sent to both the API provider and API consumer.

CentraSite provides predefined email templates only intended for the API key renewal. By default, these templates are configured in the centrasite.xml file. But, if you do not want to use the predefined email templates, you can create your own templates and configure the centrasite.xml file as necessary. For more information on how to configure the email templates for API key renewal, see Configuring the Email Templates for Key Renewal.

The API key with the new validity is republished to the Mediator, triggered by a Deploy API Key action that is included in the API key renewal policy.

For more information on how to configure the email notifications for API key renewal in the CentraSite Business UI, see Configuring the API Consumption Settings.