- Type: Suggestion
- Resolution: Unresolved
- Component/s: Org Management - Cloud Admin API keys
Issue Summary
Currently, an organization's audit log only includes simple "Created" and "Revoked" events for admin API keys. The expiration date of an admin API key is not included in the "Created" event's audit log entry and there is no audit log entry for "Expired." Additionally:
- Every admin API key has an expiration date, with a maximum of 1 year from its creation date.
- When an admin API key expires, it is no longer listed in the API keys UI for the organization.
- Attempting to use an expired admin API key results in a generic 401 Unauthorized error response (which is understandable, from a security standpoint).
Together, these points make it difficult to troubleshoot why an admin API key "suddenly" stops working in the event that it expires.
Steps to Reproduce
- Create an admin API key and set its expiration for a future date up to 1 year away.
- Attempt to continue using the admin API key to authenticate via the API after the expiration date.
- Review the organization's API keys and Audit log pages in an attempt to verify the root cause of the API failure.
Expected Results
The Audit log includes an entry indicating the expiration of the admin API key.
Actual Results
There is no evidence anywhere in the Admin Hub that the expired admin API key existed (except perhaps its creation event in the Audit log, assuming it was created <90 days prior) and no evidence indicating why it is no longer listed on the API keys page.