Configuring Token Lifetime

The default token lifetime policy that applies to Orchestrator REST API tokens is 15 minutes for an access token and 120 min for a refresh token. However, a user can change the token lifetime defaults to meet the necessary security requirements.

To specify the lifetime of tokens issued by the Orchestrator REST API, do the following:

  1. On the machine running the Orchestrator server, locate the Web.config configuration file.

By default, the file is located in the C:\Program Files\Veeam\Web UI folder.

  1. Open the Web.config file in Notepad or any other editor.
  2. Locate the AuthenticationSettings tag, and set the new values for the accessTokenExpireMinutes and refreshTokenExpireMinutes parameters.

<AuthenticationSettings accessTokenExpireMinutes="15" refreshTokenExpireMinutes="120"/>

  1. Save the changes.
  2. Restart the Veeam Recovery Orchestrator site to apply the changes:
  1. Open the Internet Information Services (IIS) Manger.
  2. In the Connections pane, expand the server node and navigate to Sites > Veeam Recovery Orchestrator Web UI.
  3. In the Manage Website pane, click Restart.