Skip to content
Latchkey

What Is a Short-Lived Token?

A short-lived token is an authentication token deliberately given a short validity window, sometimes only a few minutes. When it expires the client must obtain a new one, so any leaked copy quickly becomes useless. It contrasts with static, long-lived keys that stay valid until manually revoked.

Why it matters

Reducing a token lifetime narrows the window during which a stolen value works. It is a key reason federated, on-demand credential issuance is preferred over stored long-term keys.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →