Docs: Updated personal access tokens for accuracy (#2459)

Updated **personal access tokens** section to reflect that users technically can set the expiration date to **never**.
2025-01-25 00:07:47 +01:00 · 2022-11-18 12:23:17 +01:00 · 2022-11-18 12:23:17 +01:00 · 31dc31fdf4
commit 31dc31fdf4
parent ef693d4c1a
1 changed files with 8 additions and 2 deletions
--- a/website/docs/reference/api-tokens-and-client-keys.mdx
+++ b/website/docs/reference/api-tokens-and-client-keys.mdx
@ -61,17 +61,23 @@ Support for scoped admin tokens with more fine-grained permissions is currently

 When using a personal access token to modify resources, the event log will list the token creator's name for that operation.

-All personal access tokens have a lifetime and **will stop working after the expiration** date.
+Personal access tokens with a lifetime **will stop working after the expiration date**.

 Use personal access tokens to:

 - Provide more fine-grained permissions for automation than an admin token provides
 - Give temporary access to an automation tool

+:::info On token expiration
+
+It is possible to set a token's expiration date to **never**. However, a token that doesn't expire brings with it a few security concerns. We recommend that you use tokens with expiration dates whenever possible.
+
+:::
+
 Do **not** use personal access tokens for:

 -   [Client SDKs](../sdks/index.md): You will _not_ be able to read toggle data from multiple environments. Use [client tokens](#client-tokens) instead.
-   Write custom Unleash UIs: Personal access tokens have a lifetime and will expire, use [admin tokens](#admin-tokens) tokens instead.
+-   Write custom Unleash UIs: Personal access tokens may expire and their permissions may change. It's better to use [admin tokens](#admin-tokens) tokens instead.

 ### Client tokens