Skip to content

Changing the default token expiration time

Access tokens have an expiration time, which is set to 60 minutes by default.

To change the default expiration time of application access tokens, To enable or disable token cleanup, open the <API-M_HOME>/repository/conf/deployment.toml file and do the following changes under [oauth.token_validation].(add the configuration if not exists in the deployment.toml file)

[oauth.token_validation]
app_access_token_validity = 2000

Note

Changes you have done here will be applied only to the new applications that you create.

Alternatively, you can set a default expiration time through the UI when generating/regenerating the application access token.This is explained in previous sections .

Similarly, to change the default expiration time of user access tokens, put configuration with value or modify the value defined in the user_access_token_validity element in the <API-M_HOME>/repository/conf/deployment.toml file under [oauth.token_validation].

User access tokens have an expiration time, which is set to 60 minutes by default.

[oauth.token_validation]
user_access_token_validity = 3000

To change the default expiration time of refresh tokens, put configuration with value or modify the value defined in the refresh_token_validity element in the <API-M_HOME>/repository/conf/deployment.toml file under [oauth.token_validation].

Refresh access tokens have an expiration time, which is set to 24 hours by default.

[oauth.token_validation]
refresh_token_validity = 86400

Note

finally you have following if you configured all above configurations.

    [oauth.token_validation]
    app_access_token_validity = 2000
    user_access_token_validity = 3000
    refresh_token_validity = 86400

Also see Configuring Caching for several caching options available to optimize key validation.

Top