New API Keys for Services

[EvanParish]

User Story - Business Need

We need to ensure our integration partners are using the correct keys when making requests to our API. To do this, we need to generate a new API key for each service and let them know that they should start using the new key as soon as they can switch. We also need to add logging for the use of old-style keys to ensure that deprecated keys are tracked for auditing and deprecation, facilitating a smooth transition to the updated key model.

• Ticket is understood, and QA has been contacted (if the ticket has a QA label).

User Story(ies)

As a backend engineer
I want each service that uses our API to update to the new API key type
So that we can maintain a secure platform.

Additional Info and Resources

• old-style API keys will not have expiration dates associated with them, this is one way to identify them

Acceptance Criteria

• A new API key is generated for each service in the new style.
  • This means the new keys should have expiration dates.
  • Generate keys for Prod and Staging.
• This work is added to the sprint review slide deck (key win bullet point and demo slide)

QA Considerations

Potential Dependencies

Out of Scope

• Deactivating old-style API keys is not covered in this ticket. A separate ticket will handle key deactivation. Customers will need time to transition to the new keys.

[npmartin-oddball]

Ticket will be reworked.