Hey Reduct Team,
Do you plan to add optional TTL to the tokens created through the API/SDK?
Ideally I would like to set lets say 1h to a token I create using an SDK, and after that time has passed, the token is revoked/removed.
1 Like
Hi @vicmassy .
Yes, we’re planning to improve the security of the database. We are currently working on a roadmap to make it CRA compliant. It is a large-scale project that will affect many aspects of our software and company. That’s what 2026 is all about. The authentication/authorisation model is part of it. I don’t mind starting with that, since it’s the simplest part. This is what I’d implement:
- Token TTL (a good idea, by the way).
- Token expiry
- Rotation (a more convenient way to recreate it).
- White lists of IP addresses
- Last Access indication
The backlog for v1.18 is already full (release month is January 2026), but we can include it in v1.19 for release in March.
1 Like