Days to Token Expiry, EasyPost - Vortex IQ Help Centre

Card class: Hero • Category: Shipping & Courier

At a glance

Days remaining before the EasyPost API key the merchant uses to create labels, rate-shop carriers, and pull tracking data stops working. EasyPost API keys do not expire by default; they’re permanent unless manually rotated for security or revoked by EasyPost. The card reads “Indefinite” until a finite TTL is configured or a security event triggers expiry.


What it counts	If the credential has an expiry, `(expires_at - now()) / 86400`. By default EasyPost API keys are permanent and the card reads “Indefinite”.
Token type	EasyPost issues two key pairs per account: Production Key for live shipping and Test Key for sandbox. Each is a single string, no OAuth refresh cycle. The card tracks the production key state.
What “expired” actually breaks	Once revoked, every EasyPost API call returns “Invalid API Key” (HTTP 401). Label generation breaks; rate-shopping breaks; tracking polls break. Downstream impact: WMS queues outbound orders, Shopify backlog grows, customer-service contacts spike.
Detection mechanism	Vortex IQ checks credential state at every call. For permanent keys, the card reads “Indefinite” until a failed-auth response is observed; the card then flips to red immediately and shows “Revoked or invalid”.
Renewal path	Log into EasyPost Dashboard → API Keys → Generate New Key. Paste the new key into Vortex IQ Settings → Connectors → EasyPost. Total downtime if proactive: under 5 minutes.
Best-practice rotation	Even though keys are permanent, rotate every 12 to 24 months for security hygiene. Compromised keys (accidentally committed to a public repo, exposed in a log file) should be rotated immediately.
Time window	`RT` (real-time, refreshed hourly)
Alert trigger	`<14 days` (warn) / `<7 days` (critical) for finite-TTL credentials. Failed-auth events alert immediately regardless of countdown.
Roles	owner, operations

Calculation

Calculated automatically from your EasyPost data. See the At a glance summary above for what the metric tracks and the worked example below for a typical reading.

Worked example

A US DTC merchant connected EasyPost on 14 Mar 25. Reading taken on 12 Mar 26.

Date	State	What happened
14 Mar 25	Indefinite	Initial connection, key issued.
14 Mar 26	Indefinite	Anniversary. No expiry; rotation reminder advisable.

The card reads Indefinite, sentiment green. Three operational notes:

Schedule annual rotation reminder. Even though EasyPost keys don’t expire, rotate annually for hygiene. Add a calendar reminder for one year ahead from today.
Underlying carrier credentials inside EasyPost matter. EasyPost’s connection to USPS, FedEx, UPS is via carrier-specific accounts in the EasyPost dashboard. Those credentials may have their own expiry (especially FedEx OAuth at 365 days). EasyPost surfaces warnings when carrier credentials get close to expiry; act on them.
The card cannot detect compromised-but-not-revoked keys. If a key is leaked but not yet revoked, the card reads “Indefinite” while a malicious actor uses it. Best practice: monitor EasyPost API logs (audit trail) for unusual activity, rotate immediately on suspicion.

Sibling cards merchants should reference together

Card	Why pair it with Days to Token Expiry	What the combination tells you
API Error Rate	Captures partial failures.	Auth failures show as 401s; non-auth errors show as 500s, 429s. The two cards together cover scheduled and unscheduled connector breakage.
Label Generation Success Rate	Workload that breaks on auth fail.	Sudden drop with “Indefinite” expiry indicates non-auth issue (rate limits, payload errors).
Shipments Total	Volume context.	Volume → 0 with auth failed = expiry was the cause.
Cross-connector: `fedex.fed_auth_token_expiry_days`	Underlying carrier credential inside EasyPost.	EasyPost may break specifically because the FedEx-inside-EasyPost credential expired separately. Watch both.
Cross-connector: `usps.usp_auth_token_expiry_days`	Same.	Same.
Cross-connector: `shopify.unfulfilled_orders`	Downstream impact.	Backlog spike on EasyPost expiry confirms causation.

Reconciling against the vendor’s own dashboard

Where to look in EasyPost’s own dashboard: EasyPost Dashboard → API Keys. Shows production and test key creation dates and status. Underlying carrier credentials are visible at Carriers → [Carrier] → Credentials; those may have separate expiry semantics. Why our number may legitimately differ from EasyPost’s portal:

Reason	Direction	Why
Carrier-credential vs API-key expiry	Either	The EasyPost API key is permanent; the carrier credentials inside EasyPost (FedEx, UPS) have their own TTLs. The card surfaces only the API key state.
Suspended-account state	Card may show stale	If EasyPost suspends the merchant account (billing dispute, ToS violation), the API key still has metadata but fails on use. Card flips to red on first failed-auth.

Cross-connector reconciliation:

Card	Expected relationship	What causes legitimate divergence
`fedex.fed_auth_token_expiry_days`	EasyPost manages internally.	Direct-FedEx expiry is for shippers using FedEx independent of EasyPost.
`usps.usp_auth_token_expiry_days`	Same for USPS.	Same.

Known limitations / merchant FAQs

My EasyPost API key has worked for years. Should I rotate it? Yes, every 12 to 24 months for security hygiene. Even though EasyPost keys don’t expire, leaked or stolen keys could be active indefinitely without rotation. A regular rotation cycle limits the blast radius of any accidental exposure. The card says “Indefinite” but my labels just stopped printing. What happened? Three usual possibilities. (1) Carrier-credential failure inside EasyPost (FedEx OAuth expired). Check the EasyPost dashboard’s carrier-credential status. (2) EasyPost-side outage. Check EasyPost Status. (3) Rate limit hit during a large batch. Reduce concurrency. Is the EasyPost test key separate? Yes. Test-mode shipments use a different key and don’t impact production volume. The card tracks the production key only. Test-key state is irrelevant to operational shipping. Can I have multiple EasyPost API keys for one account? Yes. EasyPost allows multiple API keys per account (e.g. one for production app, one for internal scripts). The card reads the key configured in the Vortex IQ connector. Multiple keys can be active simultaneously; rotating one doesn’t affect the others. My account got suspended for a billing issue. The card still says “Indefinite”. Why? Suspension is a back-end account state; the API key metadata is still valid until used. First failed-auth response triggers the card to flip to red. Resolve the billing issue with EasyPost; once unsuspended, calls succeed again and the card returns to green automatically. How do I rotate without downtime? Generate the new key in the EasyPost dashboard while the old key is still active. Paste the new key into Vortex IQ. The next API call uses the new key; old-key sessions complete naturally. Total downtime: zero. Wait 24 hours, then revoke the old key in the EasyPost dashboard.

Tracked live in Vortex IQ Nerve Centre

Days to Token Expiry is one of hundreds of KPI pulses Vortex IQ tracks across EasyPost and 70+ other ecommerce connectors. Nerve Centre runs the detection layer; Vortex Mind investigates the cause when something moves; Ask Viq lets you interrogate any number in plain English. Start for free or book a demo to see this metric running on your own data.

​At a glance

​Calculation

​Worked example

​Sibling cards merchants should reference together

​Reconciling against the vendor’s own dashboard

​Known limitations / merchant FAQs

​Tracked live in Vortex IQ Nerve Centre