Summary
On July 8, 2026 Anthropic let developers set an expiration when creating an API key or Admin API key in the Claude Console — a preset, custom duration, or Never — with email reminders before expiry for keys living at least seven days and an expires_at field surfaced through the Admin API.
What changed
Anthropic's July 8, 2026 update lets creators choose an expiration at API key and Admin API key creation time in the Claude Console (preset, custom, or Never). For keys with a lifetime of at least seven days, Anthropic emails the creator before expiration; existing keys are unaffected, and the Admin API now reports each key's expiration in an expires_at field.
Why it matters
Long-lived, never-expiring API keys are a standing security liability, and as autonomous agents proliferate the number of credentials in circulation grows fast. Built-in expiration with advance-notice emails and programmatic expires_at reporting gives security teams a native way to enforce key rotation and prune stale access without external tooling.
Evidence excerpt
July 8, 2026: You can now set an expiration when you create an API key or an Admin API key in the Claude Console. Choose a preset, a custom duration, or Never. For keys with a lifetime of at least 7 days, Anthropic emails the creator before expiration. The Admin API reports each key's expiration in the expires_at field.