My question is, Is it possible/way to have API keys renewed before they are expired?
So let’s say the API keys are only valid for 30 days and let’s assume keys are going to expire on Nov 30th. So my question is can we renew API keys before Nov 30? or do we have to wait until Nov 30th to renew keys. If yes, how?
Also, what does null value for a DOME variable d2l.Security.API.TokenTimeout mean? Does it compute to some default no. of days before keys are expired?
When a userid or userkey is no longer valid (either due to a time out or due to a user resetting their keys explicitly or because of a password change) the next API calls will fail with a 403 code per this documentation:
We recommend though that you use one of the libraries which also assists with interpreting this condition:
See the Java interpretResult:
That Dome Variable controls how long before those user id and user key will expire. Some versions this is set to 30 days and on other it is set to “indefinite” (-1). This change needs to be requested through Desire2Learn’s Help Dessk.
You may also want to check out the management page
Update: explicitly clearing app keys is done by administrators in the user management tools per the screen shot below 
