Skip to main content
Dormant key flags API keys that haven’t been used in a while and then suddenly start making requests again. It’s primarily a security and hygiene signal: a key you’d forgotten about coming back to life is worth a second look.

When to use it

  • Catching a leaked or compromised key that’s being abused after sitting idle.
  • Spotting old integrations that have come back online unexpectedly.
  • General key hygiene — knowing when “dormant” keys aren’t actually dormant anymore.
If you have keys you genuinely expect to use intermittently (a monthly batch job, a quarterly report), set the dormancy threshold higher than the gap between their normal runs.

What you configure

SettingWhat it does
Dormant DaysHow long a key has to be unused before its return triggers an alert (default 30 days).
ScopeWhat to watch — your User keys, individual keys (Per API Key), or for organizations, Organization / Team / Per API Key.
ScheduleHow often to evaluate — daily, weekly, or monthly.

How you’re notified

Email and/or SMS, based on your preferences in Settings → Notifications. See the alerts overview for delivery details and cooldown behavior.