From 31dc31fdf4e01486ceb3c23affb2d893b1339f1a Mon Sep 17 00:00:00 2001
From: JarrodSC <118443979+JarrodSC@users.noreply.github.com>
Date: Fri, 18 Nov 2022 12:23:17 +0100
Subject: [PATCH] Docs: Updated personal access tokens for accuracy (#2459)

Updated **personal access tokens** section to reflect that users
technically can set the expiration date to **never**.
---
 website/docs/reference/api-tokens-and-client-keys.mdx | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/website/docs/reference/api-tokens-and-client-keys.mdx b/website/docs/reference/api-tokens-and-client-keys.mdx
index 299a8a41bd..14c77fcf8c 100644
--- a/website/docs/reference/api-tokens-and-client-keys.mdx
+++ b/website/docs/reference/api-tokens-and-client-keys.mdx
@@ -61,17 +61,23 @@ Support for scoped admin tokens with more fine-grained permissions is currently
 
 When using a personal access token to modify resources, the event log will list the token creator's name for that operation.
 
-All personal access tokens have a lifetime and **will stop working after the expiration** date.
+Personal access tokens with a lifetime **will stop working after the expiration date**.
 
 Use personal access tokens to:
 
 - Provide more fine-grained permissions for automation than an admin token provides
 - Give temporary access to an automation tool
 
+:::info On token expiration
+
+It is possible to set a token's expiration date to **never**. However, a token that doesn't expire brings with it a few security concerns. We recommend that you use tokens with expiration dates whenever possible.
+
+:::
+
 Do **not** use personal access tokens for:
 
 -   [Client SDKs](../sdks/index.md): You will _not_ be able to read toggle data from multiple environments. Use [client tokens](#client-tokens) instead.
--   Write custom Unleash UIs: Personal access tokens have a lifetime and will expire, use [admin tokens](#admin-tokens) tokens instead.
+-   Write custom Unleash UIs: Personal access tokens may expire and their permissions may change. It's better to use [admin tokens](#admin-tokens) tokens instead.
 
 ### Client tokens