Modifying API Token lifetime

System Information
  • Strapi Version: v4.1.0
  • Operating System: Linux
  • Database: PG
  • Node Version: 16
  • NPM Version: 8.3.1
  • Yarn Version: 1.22.1

I am using Strapi version 4 and everything works fine. However When I use API tokens, they work for a while and after a few hours I start getting 403 errors. If I renew token routs start working.
I guess API tokens have a lifetime. How can I modify this lifetime?

Did you find a solution to this? I’m having the same issue and don’t see anything about the tokens lifetime or why they only work for so long

Hi, no unfortunately I still have this issue.

I dont have a solution, but I am as well running into this same problem…

I think I found the solution in here: [v4] API token get invalidated seemingly at random · Issue #12255 · strapi/strapi · GitHub

Has to do with the env variable: API_TOKEN_SALT


I guess the reason for that is when we deply app on the cloud servers, they go to sleep after a while and when they wake up again they will regenerate an Api SALT key randomly and it causes invalidation of tokens.
I guess as people did in that topic we just need to read it from env variable and it should fix the problem

Yeah, I found the same GitHub issue/bug yesterday. I follow the instructions someone gave of adding an API_TOKEN_SALT as Config Var in Heroku. It’s been over 24 hours and my API Token is still working.