If I generate an apiKey for a user and set the key to expire in 90 days, then in 30 days generate a new apiKey that expires in 90 days, is the first key still valid for the original 90 days or does it get invalidated when the second key is generated?