# Manage your API Keys
## API key expiration
Each API Key has a validity period of one year from the date of activation. At the end of that validity period, a series of emails is sent to notify the user about the API key lifecycle, along with the reactivation steps, environment (sandbox and production) and region information.
{% hint style="info" %}
The email notifications are sent every week during the last three months and every day during the last week before the expiration date.
{% endhint %}
To avoid interruption of the API service, users must create a new API key to replace the one they are using, before the expiration date. Once users have performed these steps, they can delete the API key they were currently using.
To create and delete API keys from [Verifone Central](https://docs.verifone.com/verifone-central-getting-started/), perform the following steps:
1. Go to **Profile** > **API Keys**.
2. Create a new API Key.
3. The new API Key will be generated.
{% hint style="warning" %}
**Important!** A user can create a maximum of 5 API keys.
{% endhint %}
## Updating an expiring API Key in your Integration
Updating your expired API Key is required once a year. You may have received an email from Verifone indicating that the expiry date is approaching.
Updating an expiring API key applies to the following integrations:
* Plugins
* Any API Integration
* Integrations managed by a third party (which, in turn, use the Verifone APIs)
To replace an expiring API key, follow the below steps to delete it and create a new API key. Once you have followed the steps to create and copy an API key, you must replace this with the expiring API key in your integration.
{% hint style="info" %}
The new API key must also come from the same User who created the last key. If the new key comes from a different user, the **UserID** also requires replacement, as this is unique to each Verifone Central login.
{% endhint %}
{% tabs %}
{% tab title="For API Integrations" %}
The API key must be replaced in your API requests.
More specifically, the second portion of your [Basic Auth](/online-payments/api-integration-methods-auth-and-endpoints/api-authentication/authentication-methods-basic-and-bearer/basicauth.md) header “user-uuid: **api\*\*\*\*key**” string, before it is encoded to base64.
{% endtab %}
{% tab title="For Plugin Integrations" %}
Follow the **Manual Setup** page for your [plugin](/online-payments/plugins.md), which covers where the API key can be changed.
{% endtab %}
{% tab title="For integrations managed by a third party" %}
The API key must be updated according to the instructions provided by the third party. This is typically presented in a settings / configuration menu relating to your setup with Verifone and your other payment settings. Contact your provider for more information.
{% endtab %}
{% endtabs %}
## How to revoke access / delete the API keys
1. Log in to your Verifone Central account.
2. Navigate to the user settings in the top-right corner and select the **API Keys** option from the dropdown menu.
3. When prompted with the list of valid API keys, select the one for which you want to revoke access by clicking the arrow.
4. Click on **Revoke access** to delete the API key.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.verifone.com/online-payments/api-integration-methods-auth-and-endpoints/api-authentication/manage-your-api-keys.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.