How to maintain a FIWARE apikey?

Reviewing the IoT Agent documentation I have seen that the "apikey" is a parameter to uniquely identify a service group. The following figure shows how to identify a set of commands and attributes associated with a device type.

"services": [
        {
            "apikey": "5jggokgpepnvsb2uv4s40d59ov",
            "cbroker":     "'"http://orion:$ORION_PORT"'",
            "entity_type": "Agv",
            "transport": "MQTT",
            "resource": "",
            "commands": [
                {
          ....

However, I have not found information on whether there is any service that allows to create, verify and maintain the created apikey beyond managing them using a CRUD. Is there any FIWARE service or best practice that allows this?

I'm not sure what kind of managing service are you thinking on...

For example we've got an administration portal able to generate ramdom apikeys to be used and shared, we also use it to list and manage apikeys but they are kept just within the iotAgent Service and managed by using IotAgent api. We don't require an extra service, except some secret/password manager like Vaultier for ops purposes.

As part of the process we also share private integration docs for every data provider stating which apikeys they should use for every kind of device/measure. But there is no service involved. It's just an OTT process.

As for best practices:

• we append some "mark" or meaningful information within the apikey, so we can recognize them easily: preMOBAdfjf3ddfvDfj34f, proDLd3324jf3vDfj34f
• and we use 25 chars apikeys

Best