At a glance
Days remaining until the Evri API authentication token currently used by the Vortex IQ connector will expire. Evri’s web service issues an OAuth-style access token, typically 90 days lifetime on the standard merchant API. When the token expires every label-print, tracking-pull, and shipment-status webhook stops; the connector goes silent. This card is the early-warning siren.
| What it counts | DATEDIFF(token_expiry_at, NOW()) on the active Evri API credential. |
| API endpoint | Evri’s auth endpoint within the post-rebrand REST API surface. The card refreshes every 15 minutes. |
| What gets blocked at expiry | Label generation stops, tracking refreshes go stale, shipment-status webhooks stop ingesting. |
| Token rotation | Evri supports automated rotation via refresh-token grant on most account tiers. Some legacy Hermes-era accounts (pre-2022 rebrand) require manual re-authentication. |
| Service level scope | Per Evri account / sub-account. |
| Time window | RT (real-time). |
| Alert trigger | <14 days warn, <3 days critical. |
| Currency | n/a. |
| Returns / RTO | n/a. |
| Roles | owner, operations |
Calculation
Calculated automatically from your Evri (formerly Hermes UK) data. See the At a glance summary above for what the metric tracks and the worked example below for a typical reading.Worked example
A UK DTC clothing brand running Evri Standard, one Evri account, automatic refresh-token rotation enabled. Reading taken at 09:00 BST on 12 Mar 26.| State | Days to expiry | Status | Action |
|---|---|---|---|
| Healthy steady state | 76 | Green | None. Rotation refreshes ~30 days before expiry. |
| Approaching renewal | 18 | Green | None yet. Refresh fires at day 14. |
| Refresh failed | 11 | Amber | Investigate refresh log. Run manual refresh. |
| Refresh failed twice | 4 | Red | Incident. Re-authenticate manually. |
| Expired | -1 | Red (silent) | Connector silent. Label printing stopped. |
- Auto-rotation should fire 14 days before expiry. Vortex IQ’s connector logic refreshes proactively. If the number sits at 14 for more than 24 hours, rotation has failed and is not retrying.
- Failed refresh causes are usually credential changes. Either the Evri account password was changed without updating the connector, or Evri rotated their OAuth client secret on their side (rare).
- Below 3 days is incident-priority. Stop label printing during the final hours; orphan labels (Evri has tracking number but dispatch system has no record) are messy to clean up.
- Legacy Hermes-era accounts may not support refresh tokens. Accounts onboarded before March 2022 sometimes need manual re-authentication every 90 days; check the account’s API settings page.
- The card does not auto-rotate. It surfaces the gap. Rotation is the connector’s job; the card is the alarm.
Sibling cards merchants should reference together
Token expiry is an operational-health metric. Pair with these:| Card | Why pair it | What the combination tells you |
|---|---|---|
| API Error Rate | A token approaching expiry produces 401 / 403 responses on edge calls. | Spike in API errors when this card reads <14 days is the rotation about to fail. |
| Label Generation Success | First-line operational impact of token failure. | If label-success drops while expiry is still positive, issue is upstream of auth. |
| Shipments Total | Drop to zero new shipments concurrent with expiry confirms outage. | Useful for confirming the gap; not a leading indicator. |
| Cross-connector: Token-expiry cards on other connectors | Each connector has its own auth credential. | Panel of all token cards is the single-glance health dashboard. |
Reconciling against the vendor’s own dashboard
Where to look in Evri’s own portal: Evri Business Portal → API Settings → Active Tokens. The portal lists active OAuth tokens with issued-at and expires-at timestamps. Why our number may legitimately differ from Evri’s portal:| Reason | Direction | Why |
|---|---|---|
| Cache lag | Ours stale by 15 minutes | Card refreshes every 15 minutes. |
| Token revoked but not expired | Portal shows expired, ours positive | A revoked token is immediately blocked at API level but the expires-at field still shows the original future date. |
| Multiple tokens | Either | Failed-refresh leaves an old + new token state; card reads the active one. |
| Time zone of expires-at | Boundary days off | Portal in UK local; card uses UTC. |
| Legacy Hermes-era accounts | Either | Pre-rebrand auth tokens behave differently from current OAuth flow. |
(token_expiry → 0) → (api_error_rate spikes 401) → (label_generation_success → 0) → (shipments_total → 0 from this minute). Sequential failure cascade.
Cross-connector reconciliation:
| Card | Expected relationship | Causes of legitimate divergence |
|---|---|---|
| Token-expiry cards on other connectors | Independent. | Each connector has its own credential. |
Documentation cross-reference (token-expiry on other connectors).