Do access keys created/deleted by API get propagated immediately?

We have an authentication scheme whereby we periodically create new API keys and delete old ones, (using API calls to manage those keys), for public users to access content.

If we create/delete an API key using the API, will that be in effect immediately for the next user request to the API for data, or does it take some time for the changes to propagate?

Our concern is that there would be some time period, however short, whereby a user would have a stale API key, even if we delivered the new API key to the client.