Expire API Keys

[EvanParish]

User Story - Business Need

• Ticket is understood, and QA has been contacted (if the ticket has a QA label).

With the current implementation API keys do not expire. Once we have switched our users to keys that do have an expiry date, we need to stop expired keys from authenticating.

User Story(ies)

As a backend engineer
I want API keys to expire when the expiry_date has passed
So that we can maintain a secure platform

Additional Info and Resources

• Look for TODO 2309 for this work and adjust the code and tests accordingly.

Acceptance Criteria

• Ensure all API keys in the database have an expiry_date assigned as this code is pushed up through the environments.
• When an API key is used that is expired according to its expiry_date, then the request is rejected.
• The warning logs associated with using expired or old-style keys should no longer be necessary after this update. They have been removed.
• This work is added to the sprint review slide deck (key win bullet point and demo slide)

QA Considerations

• Ensure API keys that are expired, according to its expiry_date, are no longer usable to authenticate requests.

Potential Dependencies

This ticket can only be worked after all of the services are using the updated API keys. See the API Keys Epic for progress.

Out of Scope

Updating the API key GET route is out of scope if it has not been worked yet. The ticket api #2311 is for that purpose.

[cris-oddball]

@EvanParish please include in the Dependencies section that the checklist in the Epic needs to be completed before this is worked. Thank you!

[EvanParish]

@cris-oddball Changes have been made.

[cris-oddball]

@EvanParish Thanks!