When is it most necessary to change the API token?

Changing the API token is most necessary when there has been a security breach because a security breach may compromise the integrity and confidentiality of the data and access to your Qualtrics account. In such a case, the existing API token could potentially be in the hands of unauthorized users, posing a significant risk. Updating the token promptly helps to ensure that any compromised token is rendered useless, restoring the security of the API access.

While other situations, such as modifying roles or performing audits, could warrant a review of security measures, they do not carry the same immediate risk to data security as a security breach does. Frequent token changes are generally not required after project completions or during audits unless there are underlying concerns about security.