Since Oauth is not available in Sandbox a security token needs to be used, but how long is the security token valid for?
Security tokens can be used in Production.
This will not affect APIKEYS.
Release : SAAS
Component : AGILE CENTRAL
The time a security token will be valid for is based on the timeout settings at the subscription level or at the user level if the subscription settings are set to let users choose.