# Set User Refresh Token Expiration Time

**PUT /groups/{groupId}/apps/{appId}/security/refresh_token_expiration**

Set the expiration time in seconds for user session refresh tokens.


## Servers
- The root API resource and starting point for the App Services API.: https://services.cloud.mongodb.com/api/admin/v3.0 (The root API resource and starting point for the App Services API.)


## Authentication methods
- Token auth


## Parameters

### Path parameters
- **groupId** (string)
  An Atlas [Project/Group
  ID](https://docs.atlas.mongodb.com/tutorial/manage-projects/).
- **appId** (string)
  The ObjectID of your application.
  [The App Services API Project and Application IDs section](#section/Project-and-Application-IDs) demonstrates how to find this
  value.


### Body: application/json (object)

- **expiration_time_seconds** (number)
  The time in seconds that a user session refresh token is
  valid for after it is issued. After this time, the token is
  expired and the user must re-authenticate.

  The expiration time must be between 30 minutes and 5 years,
  inclusive. The default expiration time is 60 days.


## Responses
### 204
Expiration time updated

### 400
Invalid expiration time

### 404
Group or App Not Found


[Powered by Bump.sh](https://bump.sh)