Currently, API token expiry notifications are sent only to the user who created the token. This creates a single point of failure—if the creator is unavailable (e.g., on leave or has left the organization), critical integrations may break without timely action.

Suggested solution:

• Enable admins to specify additional email addresses (e.g., other admins, distribution lists) to receive API token expiry notifications.

• This could be managed via the Admin Hub or during token creation.

• Optionally, allow notifications to be sent to a group or role (e.g., all site admins).

Impact:
This change would help teams stay ahead of disruptions, ensure timely token rotation, and reduce the risk of broken integrations due to missed expiry warnings.