tokens – Does the Drupal hash salt / private key change?

I created a token that I store in the database, here's how to create my token:

$ token = drupal_hmac_base64 ($ pid. "". $ order_id. "". $ balance, drupal_get_private_key (). drupal_get_hash_salt ());

And then when a user goes on my URL that looks like this:

https://mycustomwebsite.com/order_id/token

With the token and another value: order number, I receive the line in my database with the order number then I create a new token:

$ new_token = drupal_hmac_base64 ($ pid. "". $ order-> order_id. "". $ balance, drupal_get_private_key (). drupal_get_hash_salt ());

I compare these two chips just for a check to grant access or not.

It works well, but a few days later, when I try to go on a link, access does not work anymore. When I look at the new_token generated for verification this is not the same!
But the value used to make this token (pid, order number and balance) are the same, so here's why I ask my question.

Is the drupal_get_hash_salt () or drupal_get_private_key () can return different values ​​in time?