Open
Description
We can have a default duration for expiry or allow users to set their own expiry date, or both.
Another idea is to have the key with dynamic expiry based on usage, using some decay function. If the key is not used for a certain duration, it should expire.
However, this approach seems unpredictable from a consumer's perspective. As a consumer, it is much easier for me if I have certainty about when my API key will stop working so that I can plan and update my scripts with a new key in advance. This key decay may also lead to behaviors like periodic scripts hitting the API just to keep the key alive, which would be annoying for both producer and consumers.