API - Security Initiatives

Modified on: Wed, 24 Jun, 2026 at 10:35 PM

TABLE OF CONTENTS


Auto-deletion of API keys after 90 days of inactivity

  • Agency or sub-account API keys that have not been used in the past 90 days will be automatically deleted.
  • Deletion cadence: This activity will be once a quarter (automated) across all agency and sub-account API keys.
  • Customer communication:
    • The impacted Agency and Sub-accounts admins will receive three in-app notifications giving them a heads-up - 15 days, 7 days, and 1 day before the deletion
    • Agency admins (included those whose locations are impacted) will receive an email 15 days prior with a complete summary of the upcoming deletion
    • One day before the deletion, for 24 hours, the impacted agencies and sub-accounts will see a banner informing them about the upcoming deletion.

Inactive Legacy API Keys Expire After 90 Days


Inactive legacy API keys are now marked as Expired after 90 days of inactivity to reduce unnecessary credential exposure and improve account security.


This applies to both:


  • Agency-level legacy API keys

  • Location-level legacy API keys


Important:


Active keys are not affected

Expired keys remain visible in settings

If access is still needed, an expired key can be used again after it is rotated or refreshed

New v1 API key creation is no longer supported

Private Integration Tokens (PIT) are the recommended option for any new credentials


Users may also receive email notifications when a legacy API key is approaching expiration due to inactivity.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article