Tokens are an essential part of keeping your application secure. They enable the continued verification of users and applications (including APIs), and are a mechanism for detecting unauthorized intruders.

There are several types of tokens - ID tokens, access tokens, refresh tokens - with the main configuration task being to define the lifetime of each token.

Tokens need to be updated and refreshed to remain secure, which is why you need to set how long a token lasts, for each token type. This needs to be configured per application.

1. Go to Settings > Environment > Applications.
2. Select View details on the application tile.
3. Select Tokens in the side menu.
4. For each token type, set the expiry time in seconds. Tip: 3,600 seconds is one hour; 84,000 seconds is one day.
5. Select Save.

You can revoke access and refresh tokens via the Kinde Management API. Search the Kinde API docs.