IBM · pyrooka · Jan 13, 2026 · Jan 6, 2026
diff --git a/iam-identity/v1.ts b/iam-identity/v1.ts
@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2025.
+ * (C) Copyright IBM Corp. 2026.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -993,6 +993,8 @@ class IamIdentityV1 extends BaseService {
    * access, delete or rotate the API key. Available only for user API keys.
    * @param {string} [params.actionWhenLeaked] - Defines the action to take when API key is leaked, valid values are
    * 'none', 'disable' and 'delete'.
+   * @param {string} [params.expiresAt] - Date and time when the API key becomes invalid, ISO 8601 datetime in the
+   * format 'yyyy-MM-ddTHH:mm+0000'.
    * @param {string} [params.entityLock] - Indicates if the API key is locked for further write operations. False by
    * default.
    * @param {string} [params.entityDisable] - Indicates if the API key is disabled. False by default.
@@ -1013,6 +1015,7 @@ class IamIdentityV1 extends BaseService {
       'storeValue',
       'supportSessions',
       'actionWhenLeaked',
+      'expiresAt',
       'entityLock',
       'entityDisable',
       'signal',
@@ -1032,6 +1035,7 @@ class IamIdentityV1 extends BaseService {
       'store_value': _params.storeValue,
       'support_sessions': _params.supportSessions,
       'action_when_leaked': _params.actionWhenLeaked,
+      'expires_at': _params.expiresAt,
     };
 
     const sdkHeaders = getSdkHeaders(IamIdentityV1.DEFAULT_SERVICE_NAME, 'v1', 'createApiKey');
@@ -1203,6 +1207,8 @@ class IamIdentityV1 extends BaseService {
    * access, delete or rotate the API key. Available only for user API keys.
    * @param {string} [params.actionWhenLeaked] - Defines the action to take when API key is leaked, valid values are
    * 'none', 'disable' and 'delete'.
+   * @param {string} [params.expiresAt] - Date and time when the API key becomes invalid, ISO 8601 datetime in the
+   * format 'yyyy-MM-ddTHH:mm+0000'.
    * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
    * @returns {Promise<IamIdentityV1.Response<IamIdentityV1.ApiKey>>}
    */
@@ -1218,6 +1224,7 @@ class IamIdentityV1 extends BaseService {
       'description',
       'supportSessions',
       'actionWhenLeaked',
+      'expiresAt',
       'signal',
       'headers',
     ];
@@ -1231,6 +1238,7 @@ class IamIdentityV1 extends BaseService {
       'description': _params.description,
       'support_sessions': _params.supportSessions,
       'action_when_leaked': _params.actionWhenLeaked,
+      'expires_at': _params.expiresAt,
     };
 
     const path = {
@@ -6040,6 +6048,8 @@ namespace IamIdentityV1 {
     supportSessions?: boolean;
     /** Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'. */
     actionWhenLeaked?: string;
+    /** Date and time when the API key becomes invalid, ISO 8601 datetime in the format 'yyyy-MM-ddTHH:mm+0000'. */
+    expiresAt?: string;
     /** Indicates if the API key is locked for further write operations. False by default. */
     entityLock?: string;
     /** Indicates if the API key is disabled. False by default. */
@@ -6090,6 +6100,8 @@ namespace IamIdentityV1 {
     supportSessions?: boolean;
     /** Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'. */
     actionWhenLeaked?: string;
+    /** Date and time when the API key becomes invalid, ISO 8601 datetime in the format 'yyyy-MM-ddTHH:mm+0000'. */
+    expiresAt?: string;
   }
 
   /** Parameters for the `deleteApiKey` operation. */
@@ -7708,6 +7720,8 @@ namespace IamIdentityV1 {
     support_sessions?: boolean;
     /** Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'. */
     action_when_leaked?: string;
+    /** Date and time when the API key becomes invalid, ISO 8601 datetime in the format 'yyyy-MM-ddTHH:mm+0000'. */
+    expires_at?: string;
     /** The optional description of the API key. The 'description' property is only available if a description was
      *  provided during a create of an API key.
      */
@@ -7751,6 +7765,10 @@ namespace IamIdentityV1 {
      *  allow storing of API keys for users.
      */
     store_value?: boolean;
+    /** Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'. */
+    action_when_leaked?: string;
+    /** Date and time when the API key becomes invalid, ISO 8601 datetime in the format 'yyyy-MM-ddTHH:mm+0000'. */
+    expires_at?: string;
   }
 
   /**
@@ -8047,16 +8065,6 @@ namespace IamIdentityV1 {
     enrolled: boolean;
   }
 
-  /**
-   * MfaEnrollments.
-   */
-  export interface MfaEnrollments {
-    /** currently effective mfa type i.e. id_based_mfa or account_based_mfa. */
-    effective_mfa_type: string;
-    id_based_mfa?: IdBasedMfaEnrollment;
-    account_based_mfa?: AccountBasedMfaEnrollment;
-  }
-
   /**
    * Metadata for external access policy.
    */
@@ -8935,7 +8943,10 @@ namespace IamIdentityV1 {
     username: string;
     /** Email of the user. */
     email?: string;
-    enrollments: MfaEnrollments;
+    /** currently effective mfa type i.e. id_based_mfa or account_based_mfa. */
+    effective_mfa_type: string;
+    id_based_mfa: IdBasedMfaEnrollment;
+    account_based_mfa: AccountBasedMfaEnrollment;
   }
 }
 

diff --git a/test/integration/iam-identity.v1.test.js b/test/integration/iam-identity.v1.test.js
@@ -140,6 +140,7 @@ describe('IamIdentityV1_integration', () => {
       name: apikeyName,
       iamId,
       description: 'NodeSDK test apikey #1',
+      expiresAt: '2049-01-02T18:30:00+0000',
     };
 
     iamIdentityService
@@ -306,6 +307,7 @@ describe('IamIdentityV1_integration', () => {
       id: apikeyId1,
       ifMatch: apikeyEtag1,
       description: newDescription,
+      expiresAt: "2026-01-02T18:30:00+0000",
     };
 
     iamIdentityService
@@ -474,10 +476,17 @@ describe('IamIdentityV1_integration', () => {
   });
 
   test('createServiceId()', (done) => {
+    const apiKeyInsideCreateServiceIdRequestModel = {
+      name: 'APIKey Name',
+      store_value: true,
+      expires_at: '2049-01-02T18:30:00+0000',
+    };
+
     const params = {
       accountId,
       name: serviceIdName,
       description: 'NodeSDK ServiceId desc',
+      apikey: apiKeyInsideCreateServiceIdRequestModel,
     };
 
     iamIdentityService

diff --git a/test/unit/iam-identity.v1.test.js b/test/unit/iam-identity.v1.test.js
@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2025.
+ * (C) Copyright IBM Corp. 2026.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -212,6 +212,8 @@ describe('IamIdentityV1', () => {
         description: 'testString',
         apikey: 'testString',
         store_value: true,
+        action_when_leaked: 'testString',
+        expires_at: 'testString',
       };
 
       function __createServiceIdTest() {
@@ -1292,6 +1294,7 @@ describe('IamIdentityV1', () => {
         const storeValue = true;
         const supportSessions = true;
         const actionWhenLeaked = 'testString';
+        const expiresAt = 'testString';
         const entityLock = 'false';
         const entityDisable = 'false';
         const createApiKeyParams = {
@@ -1303,6 +1306,7 @@ describe('IamIdentityV1', () => {
           storeValue,
           supportSessions,
           actionWhenLeaked,
+          expiresAt,
           entityLock,
           entityDisable,
         };
@@ -1331,6 +1335,7 @@ describe('IamIdentityV1', () => {
         expect(mockRequestOptions.body.store_value).toEqual(storeValue);
         expect(mockRequestOptions.body.support_sessions).toEqual(supportSessions);
         expect(mockRequestOptions.body.action_when_leaked).toEqual(actionWhenLeaked);
+        expect(mockRequestOptions.body.expires_at).toEqual(expiresAt);
       }
 
       test('should pass the right params to createRequest with enable and disable retries', () => {
@@ -1560,13 +1565,15 @@ describe('IamIdentityV1', () => {
         const description = 'testString';
         const supportSessions = true;
         const actionWhenLeaked = 'testString';
+        const expiresAt = 'testString';
         const updateApiKeyParams = {
           id,
           ifMatch,
           name,
           description,
           supportSessions,
           actionWhenLeaked,
+          expiresAt,
         };
 
         const updateApiKeyResult = iamIdentityService.updateApiKey(updateApiKeyParams);
@@ -1588,6 +1595,7 @@ describe('IamIdentityV1', () => {
         expect(mockRequestOptions.body.description).toEqual(description);
         expect(mockRequestOptions.body.support_sessions).toEqual(supportSessions);
         expect(mockRequestOptions.body.action_when_leaked).toEqual(actionWhenLeaked);
+        expect(mockRequestOptions.body.expires_at).toEqual(expiresAt);
         expect(mockRequestOptions.path.id).toEqual(id);
       }