The Key Management Module primarily serves two user groups.
Account Managers
While fewer in number, they manage a significant number of merchant accounts. Their primary involvement lies in broader key management tasks beyond just generation and updates.
Interview findings
Limited Expiration Notifications
Key Management Challenges
Developers
Developers represent the majority of users and are primarily responsible for API key generation and updates. Their frequent interactions with the system make them the dominant user group.
Interview findings
Insufficient Information for Informed Decisions
Key Management Challenges
"Every Monday, the first thing I do is check if any keys are expiring within the next 30 days."
an Account Manager from a major bank
Unused Keys
Unused keys were frequently left active, either because no one was aware of them or because deactivating them was not seen as urgent, creating unnecessary security vulnerabilities. With no structured key lifecycle and no visibility into key status, Account Managers found it difficult to track, rotate, or retire keys effectively.
Insight from Customer Support
When service disruptions occurred due to key expiration, customers reached out to the Support Team for assistance. To mitigate the impact, a two-week grace period was offered, allowing customers extra time to update their keys and restore service continuity.
Heuristic Evaluation Findings
Error Prevention & Recognition
Lack of Clear Warning
Inconsistent Information Hierarchy
Date-Time Readability