0002-Ability to Change the Expiration Date of an API Key – Technical Design Document¶
Introduction¶
Purpose:
Currently, users cannot modify the expiration date of an existing API key. With this feature, users will be able to choose a new expiration date during the API key rotation process.
Scope:
This enhancement covers:
- Allowing users to set a new expiration date only during API Key rotation.
- Updating the rotation UI/flow to include an expiration date selection step.
Technical Desing¶
With this feature, users will be able to choose a new expiration date during the API key rotation process. This restriction comes from previous design decisions: the expiration date is stored inside the API key secret itself. Because of this approach, the expiration date can only be updated when a new secret is generated.
Storing the expiration date within the secret allows the system to validate whether an API key is expired without contacting Keycloak, improving performance and keeping the validation logic self-contained and reliable.
Other Products¶
A quick comparison with similar products (e.g., GitHub) shows the same approach:
- You cannot change the expiration date of an existing token without Regenerate.
- When you click Regenerate, you are asked to select a new expiration date.
This feature will follow the same pattern.
UI Mockup¶

API Details¶
The rotate endpoint now expects an expireDate field in the request body. During rotation, the system will generate a new secret and embed the selected expiration date into it, following the existing design pattern.
PATCH {{apiGateway}}/identity/v1/organizations/current/api-keys/{{api-key-id}}/rotate
Request Body 🆕
{
"expireDate" : 1765994843000
}
Response Body
{
"id": "1af58a27-63a8-4ecc-9c2f-7f3fbbaf8e91",
"name": "apikey1",
"secret": "7HK5H7Kc2V/uL8XLtoaHoc7mhrzb3CxDvWNFyQ+tn35qEUmYxxEbiSrmwGIqR1HcFuTFdcjzzrnbYoo3DtV1SKFR41K/t9JGs9F25hWUV2CHhJeZgXRnpmO8VPgPLIaZS38bxH0NBWlKFmUZzDUDZ6Joew==",
"firstSixChars": "7HK5H7****",
"email": "6d931681-raqx4tn1mr9n@dev-api-key.appcircle.io",
"expireDate": 1778506747382,
"createdAt": 1762868371255,
"createdBy": "halit@appcircle.io",
"organizationRoles": [
{
"organizationId": "4bed37a8-89c6-4048-b4d1-84625f0a1de4",
"roles": [
"view-build-environment",
"view-distribution-profile",
"view-publish-android",
"view-signing-identity",
"view-publish-ios",
"view-connection",
"owner",
"view-codepush",
"view-distribution-group",
"view-build-profile",
"view-publish-environment"
]
}
]
}
⚠️ Note: The endpoint has a breaking change. After this update, users will no longer be able to rotate their API key because the expireDate field is now required, unless the UI implements support for it.