API User Token Expiry / Possible to change?

Hoping someone has some insight…

I’ve set up a “log in” API endpoint for one of my apps. I’m passing the username and password via POST as you might expect. And as a result, I get the expected User ID, token and expires values in a JSON message.

I have two questions:

1. It is possible to change the default value of “expires”? It appears to be 365 days, which is an awfully long time in my context. I was looking for something more like 1-2 weeks. Is this possible?

2. I also noticed that if I log the same user in via the API multiple times, all of the issued tokens remain valid. I understand why (because the previous tokens haven’t expired) but I was wondering if there was any mechanism to revoke previously issued tokens, or simply make the most recently issued token the only one that’s valid.

All suggestions and comments welcome.

-Nick

Is this perhaps a question for senior Bubble folks?

For those looking for the answer, I did get a helpful response from Bubble support:

If you are setting this up in a workflow using the “Log a user in” step, you can try unchecking the “stay logged in” box. This will expire the user’s session after 24 hours. Users with this parameter checked, however, will receive a cookie of length 365 days.

There isn’t currently a way to manually set the expiration time, but it has been suggested as a possible feature for future updates.

For my use case, 24 hours is much better than 365 days, so this will solve my problem. Hopefully the expiration time will become manually adjustable in a future update.