Skip to main content


Authentication tokens

API tokens use the widely used JWT encoding format, and we take extra measures to harden the tokens:

  • Configurable lifetime (defaults to 4 hours)
  • Configurable storage policy (defaults to session storage)
  • Revoked at logout
  • Invalidate all user tokens on request
  • Client fingerprinting

Change the lifetime of a token

By changing the lifetime of a token, users will be logged out after their token expires.

Follow these instructions to change the lifetime of the token:

  1. Navigate to the Settings page under the Administrations > Settings menu.
  2. Select the System tab and scroll down to the Security section.
  3. Choose the desired token lifetime from the dropdown menu:

Token expiration times

4. Click the Update button to apply the change.