Skip to main content
Card class: HeroCategory: Shipping & Courier

At a glance

Days until your Sendle API key expires (or, where keys are non-expiring, days until the calendared rotation date set by the merchant). Sendle’s primary auth model is a long-lived API key tied to the workspace; some enterprise accounts schedule rotations on quarterly or annual cadences for security hygiene. When the key invalidates, label-print and tracking calls fail, breaking despatch end-to-end.
What it counts(key_rotation_date - now) in calendar days, read from the merchant’s calendared rotation policy (defaults to 365 days from issue if no policy set). For accounts with truly non-expiring keys, the card displays a placeholder 365 from issue date and the alert can be suppressed.
API endpointGET /api/me (Sendle account info endpoint) confirms the key is still valid and exposes the workspace ID. The expiry date itself is stored in Vortex IQ’s connector configuration, not in Sendle (Sendle’s API model does not natively expire keys).
Delivery success criterionNot applicable, this is connector health, not delivery.
On-time thresholdNot applicable.
Returns / RTONot applicable.
Service level scopeSingle key covers all Sendle services and zones in the workspace.
What “expired” actually breaksEvery Sendle API call: label generation, tracking polls, claims filing. In-flight parcels continue tracking via Sendle’s webhook stream (carrier-direct), but new orders cannot be processed.
CurrencyNot applicable.
Time windowRT (real-time, refreshed on connector poll cycle every 5 to 15 minutes)
Alert trigger<14 days. Tripped at 14 days remaining against the calendared rotation date. The 14-day cushion gives change-management time.
Rolesowner, operations

Calculation

Calculated automatically from your Sendle data. See the At a glance summary above for what the metric tracks and the worked example below for a typical reading.

Worked example

The Australian DTC home-goods brand. Reading taken at 09:00 AEDT on 12 Mar 26.
WorkspaceKey issuedCalendared rotationDays remainingAlert state
sendle-au28 Mar 2528 Mar 2616Healthy (close to alert)
The card reads 16 days. The alert at <14 days is not yet firing but will trigger in 2 days. Five things to notice:
  1. The 16-day reading is the right time to schedule rotation. It is calendar-warning land: the operator has time to plan a rotation window during business hours next week. Sendle’s API does not auto-expire, so the merchant is rotating purely for security hygiene; missing the calendared date does not break despatch immediately.
  2. Sendle keys are functionally non-expiring. Unlike ShippyPro’s OAuth bearer model, Sendle’s API key remains valid indefinitely until the merchant manually revokes. The “expiry” the card tracks is a self-imposed rotation discipline, not a Sendle constraint. Some merchants set this to “never” and suppress the alert; the discipline is recommended for SOC 2 / ISO 27001 alignment.
  3. Rotation is fast. Generate new key in Sendle Dashboard → Settings → Account & Plans → API, copy, paste into the Vortex IQ connector settings, save. Total time <5 minutes if access is pre-authorised. The old key remains valid until manually revoked, so there is a grace overlap.
  4. For multi-region merchants, each region has its own key. AU and US Sendle accounts are separate; rotate independently and stagger the rotation calendar so they never expire in the same week.
  5. The card resets to the new rotation cadence after rotation. Update the calendared next-rotation in the connector config; the card re-reads on the next poll. If you forget to update the calendar, the card will show 0 or negative days while the actual key continues working; Sendle’s API will not error.

Sibling cards merchants should reference together

Token-expiry is binary at the day level (alert fires or not), and a leading indicator for connector failure when the merchant treats it as a real expiry not a calendared discipline.
CardWhy pair it with Days to Token ExpiryWhat the combination tells you
API Error RateLagging confirmation. Invalidated key produces 401 errors.Error rate climbing while expiry days drop = rotation deadline missed and key already invalid.
Label Generation SuccessDirect downstream effect.Drops to 0% the moment the key invalidates.
ShipmentsVolume processed.Drops to 0 the moment label-gen hits 0; useful for confirming despatch is fully blocked vs partially degraded.
Cross-connector: any other connector’s token-expiry cardWorkspace-wide rotation hygiene.Multiple connectors with simultaneous low expiry = the merchant’s rotation calendar is overdue stack-wide.
Cross-connector: alerting / on-call rotaEnsures the alert wakes someone.If the alert fires unattended, the silent-failure mode returns.

Reconciling against the vendor’s own dashboard

Where to look in Sendle’s own dashboard: Sendle Dashboard → Settings → API Keys. The page lists active keys with creation date and last-used timestamp. There is no expiry column because Sendle keys do not natively expire; the rotation calendar is merchant-owned. The card and the portal will not match exactly because the rotation date is held in Vortex IQ’s connector config, not in Sendle. Why our number may legitimately differ from Sendle’s portal:
ReasonDirectionWhy
Sendle has no native expiryAlwaysThe card displays a calendared rotation date set in the connector; Sendle does not store this. The two are independent fields by design.
Calendared rotation outdatedCard may show 0 or negativeIf the rotation date passes and the merchant did not update the connector, card shows expired while the actual key is still valid. Update the rotation date to resolve.
Multi-key accountsEitherSome merchants run multiple keys (one per integration). The card reads only the connected key.
Cross-connector reconciliation:
CardExpected relationshipWhat causes legitimate divergence
Other shipping connectors’ token-expiry cardsIndependent, except for shared rotation calendar policy.Merchants on quarterly stack-wide rotation will see synchronised counts.
Webhook-health monitorsKey-invalidation breaks API but not webhooks (Sendle posts to your endpoint).In-flight tracking continues until next outbound API call from the connector.

Known limitations / merchant FAQs

Sendle keys do not expire, why is this card hero-tier? Because the rotation discipline is part of operational hygiene even when the key itself is non-expiring. Long-lived API credentials are a known leak risk; quarterly or annual rotation reduces blast radius if a key is exposed. The card surfaces the calendared rotation; the merchant decides the cadence. Can I disable this card if I do not rotate? Yes. Set the rotation cadence to “never” in the connector configuration; the card displays “no rotation policy” and the alert is suppressed. Some merchants take this stance, accepting the static-key risk for simplicity. My calendared rotation date passed but despatch is still working. What now? Because Sendle does not auto-revoke, the actual key remains valid past your calendared rotation. The card alert means “you said you would rotate by X and X passed”. Either: (a) rotate now and update the calendar, (b) extend the calendar if you intentionally deferred. Do not ignore; the alert is hygiene. How long does Sendle key rotation actually take? Mechanical: 5 minutes. Generate new key in Sendle dashboard, copy to Vortex IQ connector settings, save. The new key starts working on the next API call. Old key continues working until you manually revoke it in Sendle’s dashboard, so there is a grace period of however long you choose. Typical rotation: generate new key Monday, switch connector Tuesday, revoke old key Friday once new key is confirmed working. Multi-region (AU + US) Sendle accounts, separate keys? Yes, each region issues its own key. Connect each separately in Vortex IQ; the card surfaces each as a separate workspace. Stagger the rotation calendar so they never expire in the same week. What happens if despatch is mid-batch when I rotate? Nothing. New API calls from the connector will use the new key; in-flight calls complete with the old. Sendle accepts both for as long as both are valid. There is no grace gap unless you revoke the old key before the connector reconnects. Why does the alert fire at 14 days specifically? Industry-standard for credential rotation. Two business weeks is enough cushion for change-management approval and rollback. Below 7 days is P2 escalation; below 2 days P1. Can the connector auto-rotate? Not yet for Sendle. Sendle’s API does not currently support programmatic key issuance for the merchant’s own account; rotation requires a human in the dashboard. Some other connectors support automated rotation; this is a Sendle-specific limitation. The card showed expired then went green, what happened? Likely the merchant updated the calendared rotation date in the connector after the card’s read cycle, or rotated the key and updated the date. Both reset the count. Audit log in the connector shows the change. Should I rotate annually or quarterly? Trade-off. Annual is lower operational overhead; quarterly is better security hygiene. Most ecommerce merchants accept annual for shipping connectors (low-data-sensitivity vs payments connectors). High-compliance accounts (PCI, SOC 2, ISO 27001) typically rotate quarterly or per their policy.

Tracked live in Vortex IQ Nerve Centre

Days to Token Expiry is one of hundreds of KPI pulses Vortex IQ tracks across Sendle and 70+ other ecommerce connectors. Nerve Centre runs the detection layer; Vortex Mind investigates the cause when something moves; Ask Viq lets you interrogate any number in plain English. Start for free or book a demo to see this metric running on your own data.