We've introduced a new API Key management experience to give you more efficient control over your credentials.
This update includes an optimized interface for easier management and new security-oriented features, such as setting token duration, renewing tokens, and deleting unused keys.
What has changed?
See all updates below:
| Change | Description |
|---|---|
| Name | We have changed application keys to API keys in the Admin interface. |
| Design | The interface for managing, creating, and editing API keys has been redesigned to provide a more intuitive and efficient experience. |
| Key separation | Internally generated keys and external keys are now organized into separate tabs to make managing each type easier. |
| Token duration | All internally generated API tokens now have a default duration of 3 months, which can be changed to 6 months in the interface.The setting applies to all new and existing tokens generated on the account and uses the key's created date as a reference for calculating duration. The duration of external tokens is visible and configurable only to the account that created the token.When generated tokens become outdated, this information will be displayed in the Admin interface. This outdated status has no impact on token usage — it's just a visual indicator to reflect the token status and suggest renewal.Learn more in Configuring the duration of API keys. |
| Token renewal | Now, you can renew the tokens of the keys generated in your account. This feature allows you to choose whether to delete the old token immediately or later.If you choose to delete it later, both tokens will be valid and functional until the old one is deleted, allowing the merchant to update the token used in integrations without jeopardizing the operation.Learn more in Renewing API tokens. |
| API key deletion | Merchants can now delete API keys that will no longer be used. |
| Specific permissions | New permissions required to manage API keys: View API Keys (view, filter, search, and sort generated and external API keys)Edit API Keys (create, delete, change status, and add or remove API key permissions)Renew API Token (view and renew tokens for generated keys)Edit API Keys settings (edit the settings for the duration of generated key tokens)Learn more in License Manager resources. Users with permissions to manage users and roles will automatically receive the new permissions, as shown in the table: Users with…They automatically receive…Get account by identifierView API KeysGet paged usersView API KeysGet paged rolesView API KeysFind user by emailView API KeysSave userEdit API KeysOwner - Super AdminEdit API Keys settingsUser Administrator - RESTRICTEDRenew API Token |
Why did we make this change?
The new experience aims to provide greater control and security over your API keys while improving usability. The interface streamlines managing different types of keys and improves information visibility.
Additionally, configurable token durations add an extra layer of security, while renewal options help ensure uninterrupted store operations.
What needs to be done?
Follow the steps below to access the new experience:
- In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account settings > API Keys.
- Click
Try new experience.
You can switch to the previous version of the page anytime by clicking Switch to the previous version.
For more information, see the related documentation: