Which statement is true for API Credentials?

The statement that API Credentials expire after 36 months is accurate as it aligns with best practices for security and access management. In many systems, API keys or credentials are designed to have a validity period to mitigate risks associated with prolonged access. This periodic expiration requires users to update their credentials, ensuring that any compromised keys can be rendered invalid after a certain time, thereby enhancing overall system security.

Having an expiration period encourages regular review and updates of API credentials, which is essential for maintaining a secure environment. Organizations benefit from implementing such measures, as they help prevent unauthorized access resulting from outdated or compromised credentials.

Other options either suggest a lack of expiration, which can lead to security vulnerabilities, or imply a much shorter lifecycle (12 months), which is generally less common in industry standards that favor longer renewal periods. The choice of a 36-month expiration aligns with practices within organizations that seek to balance security with convenience.