Check: SRG-APP-000400-API-000860
Application Programming Interface (API) SRG:
SRG-APP-000400-API-000860
(in version v1 r1)
Title
API access tokens must be configured to expire. (Cat II impact)
Discussion
API access tokens are short-lived credentials used to authenticate and authorize API requests. A client sends the token in a request header to reach protected resources without presenting the user's credentials on every call. Because the token itself is a bearer credential, it must carry an expiration time, and continued access must be obtained by exchanging a refresh token for a new access token rather than by reusing the same access token indefinitely. If cached authentication information is out of date, the validity of that information is questionable and it must not be honored past the organization-defined period.
Check Content
Verify that API access tokens are configured to expire according to organization-defined parameters (for example, a maximum access-token lifetime and a mandatory `exp`-type claim on every issued token). If API access tokens are not configured to expire according to organization-defined parameters, this is a finding.
Fix Text
Build or configure API access tokens to expire according to organization-defined parameters, and configure the API to reject any token whose expiration has passed or that carries no expiration at all.
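The following is an added example, not part of the SRG text, showing what the Discussion, Check Content and Fix Text above look like in code: an HS256 bearer-token issuer that always sets `exp`, a verifier that rejects expired tokens and tokens with no `exp`, a refresh flow that mints a new short-lived access token from a still-valid refresh token, and an audit helper a reviewer could run over issued tokens to produce the "finding" decision from the Check Content. The lifetimes (15 minutes for access tokens, 8 hours for refresh tokens), the subject names and the function names are assumptions for illustration; the SRG leaves the actual parameters to the organization. Only the standard library is used, so it runs offline.

```python
"""Access/refresh token expiration: compliant issuer, verifier and audit helper.
Added example for SRG-APP-000400-API-000860; not the SRG's own code."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Organization-defined parameters. These VALUES ARE ASSUMED for illustration.
MAX_ACCESS_LIFETIME = 15 * 60        # access tokens: 15 minutes
MAX_REFRESH_LIFETIME = 8 * 60 * 60   # refresh tokens: 8 hours


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _now(now):
    return int(time.time()) if now is None else int(now)


def issue_token(key: bytes, subject: str, token_type: str, lifetime, now=None) -> str:
    """Mint an HS256 JWT with iat/exp. Passing lifetime=None deliberately omits
    `exp`; that is the non-compliant configuration the check is looking for."""
    issued = _now(now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "typ": token_type, "iat": issued, "jti": secrets.token_hex(8)}
    if lifetime is not None:
        payload["exp"] = issued + int(lifetime)
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(key: bytes, token: str, expected_type: str, now=None) -> dict:
    """Check the signature, then enforce expiration. A token with no `exp`
    is rejected outright rather than treated as never-expiring."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    expected_sig = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    payload = json.loads(_b64url_decode(p_b64))
    if payload.get("typ") != expected_type:
        raise ValueError("wrong token type")   # refresh tokens are not access tokens
    exp = payload.get("exp")
    if not isinstance(exp, int):
        raise ValueError("token has no expiration")
    if _now(now) >= exp:
        raise ValueError("token expired")
    return payload


def refresh_access_token(key: bytes, refresh_token: str, now=None) -> str:
    """Renewal path: a still-valid refresh token yields a new short-lived access token."""
    payload = verify_token(key, refresh_token, "refresh", now)
    return issue_token(key, payload["sub"], "access", MAX_ACCESS_LIFETIME, now)


def audit_token_lifetime(token: str, max_lifetime: int) -> str:
    """Check Content helper: read the claims of an issued token (no signature
    check needed for this) and decide compliance against the parameter.
    Returns 'compliant' or a string beginning with 'finding:'."""
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    if "exp" not in payload:
        return "finding: token has no exp claim"
    if "iat" not in payload:
        return "finding: token has no iat claim, lifetime cannot be determined"
    lifetime = payload["exp"] - payload["iat"]
    if lifetime > max_lifetime:
        return f"finding: lifetime {lifetime}s exceeds parameter {max_lifetime}s"
    return "compliant"


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    t0 = 1_700_000_000  # fixed clock so the demo is reproducible
    access = issue_token(key, "svc-account", "access", MAX_ACCESS_LIFETIME, now=t0)
    print("audit:", audit_token_lifetime(access, MAX_ACCESS_LIFETIME))
    try:
        verify_token(key, access, "access", now=t0 + MAX_ACCESS_LIFETIME)
    except ValueError as err:
        print("rejected at expiry:", err)
    weak = issue_token(key, "svc-account", "access", None, now=t0)
    print("audit of token without exp:", audit_token_lifetime(weak, MAX_ACCESS_LIFETIME))
```

Two design points carry the control's intent. First, `verify_token` treats a missing `exp` as a hard failure instead of falling back to "no expiry configured", so a misconfigured issuer cannot silently produce tokens that never die. Second, the verifier checks `typ` before `exp`, so a long-lived refresh token can never be replayed as an access token even while it is still valid. `audit_token_lifetime` is the reviewer's side of the same requirement: run it over a sample of tokens the API actually issues and any `finding:` result is the finding the Check Content describes.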
Additional Identifiers
Rule ID: SV-274680r1143713_rule
Vulnerability ID: V-274680
Group Title: SRG-APP-000400
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002007 | Prohibit the use of cached authenticators after an organization-defined time period. |
Controls
| Number | Title |
|---|---|
| IA-5(13) | Expiration of Cached Authenticators |