API tokens use the widely used JWT encoding format, and we take extra measures to harden the tokens:
- Configurable lifetime (defaults to 4 hours)
- Configurable storage policy (defaults to session storage)
- Revoked at logout
- Invalidate all user tokens on request
- Client fingerprinting
Change the lifetime of a token
By changing the lifetime of a token, users will be logged out after their token expires.
Follow these instructions to change the lifetime of the token:
- Navigate to the Settings page under the Administrations > Settings menu.
- Select the System tab and scroll down to the Security section.
- Choose the desired token lifetime from the dropdown menu:
4. Click the Update button to apply the change.