> For the complete documentation index, see [llms.txt](https://docs.zwapgrid.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.zwapgrid.com/client-portal/api-keys/api-key-lifecycle.md). # API Key Lifecycle This page describes how an API Key moves through its lifecycle: from creation and active use to expiry or rotation and removal. For the steps to create or delete keys in the Client Portal, see [API Keys](/client-portal/api-keys.md). For keeping keys safe, see [Security](/client-portal/api-keys/security.md). ### Creation You create an API Key in the Client Portal per [environment](/client-portal/environments.md). At creation you set a **name** (to identify it later) and an **expiry** (30, 90, or 365 days). Zwapgrid does not store the key after creation—copy it when it is shown and store it securely. From that point the key is active and can be used for API.1 requests. ### Active use While the key is within its expiry period and has not been deleted, you use it to authenticate API.1 calls (Consent API and Accounting API). Use a **Development** key for Development consents and sandbox data; use a **Production** key for Production consents and live data. See [Usage](/client-portal/api-keys/usage.md) for how to pass the key in requests. ### Expiry and rotation When the key approaches its expiry date, or when you want to rotate for security, create a **new** API Key in the Client Portal. Update your applications or scripts to use the new key, then delete the old key. Rotating before deleting avoids downtime: the old key continues to work until you remove it. If you do not rotate before expiry, the key will no longer work for new requests once the expiry date has passed. Any applications still using it will receive authentication errors. Create a new key and update your integration. ### Deletion Deleting an API Key in the Client Portal removes it immediately. That key can no longer be used for API.1 requests. There is no way to restore a deleted key—create a new one if you need to continue calling API.1. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zwapgrid.com/client-portal/api-keys/api-key-lifecycle.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.