diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java b/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java
index e5be4c4b0b..c64604f922 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java
@@ -5,6 +5,7 @@ import io.metersphere.sdk.util.CommonBeanFactory;
 import io.metersphere.system.domain.UserKey;
 import io.metersphere.system.service.UserKeyService;
 import jakarta.servlet.http.HttpServletRequest;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 
 public class ApiKeyHandler {
@@ -35,6 +36,14 @@ public class ApiKeyHandler {
 if (userKey == null) {
 throw new RuntimeException("invalid accessKey");
 }
+ if (BooleanUtils.isFalse(userKey.getEnable())) {
+ throw new RuntimeException("accessKey is disabled");
+ }
+ if (BooleanUtils.isFalse(userKey.getForever())) {
+ if (userKey.getExpireTime() == null || userKey.getExpireTime() < System.currentTimeMillis()) {
+ throw new RuntimeException("accessKey is expired");
+ }
+ }
 String signatureDecrypt;
 try {
 signatureDecrypt = CodingUtils.aesDecrypt(signature, userKey.getSecretKey(), accessKey);
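Review bot: Both new guards in the second hunk fail open on null, because `BooleanUtils.isFalse(null)` returns false: a key whose `enable` is null passes as enabled, and a key whose `forever` is null skips the expiry test altogether. If those UserKey fields can be null (their column definitions are not visible here), the conditions should be `if (!BooleanUtils.isTrue(userKey.getEnable()))` and `if (!BooleanUtils.isTrue(userKey.getForever()))`, so that only an explicit true passes. The distinct "accessKey is disabled" and "accessKey is expired" messages are also thrown before the signature is verified, so if they reach the response, a caller who knows only an access key id can learn its state; reusing the existing "invalid accessKey" text and logging the specific reason server-side would avoid that. The enclosing method starts and ends outside this hunk.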