API tokens for typical use in Jira Cloud don't have a finite lifespan, or a mechanism to set when they will expire. They will be valid until the user account who issued them is deactivated, or they are revoked. You can manually revoke them on the API tokens page in your account: https://id.atlassian.com/manage-profile/security/api-tokens
It should be noted that organizational admin API tokens are only valid for 7 days, but this is a separate API from what you would use to interact with Jira data (it's for adding/updating users across your whole site). Not what you need here, but worth mentioning to prevent confusion.
@Daniel Eads Is there a way for say an Admin to Query and find API tokens that are older than say 6 months - so that they can be centrally deactivated. Or some mechanism to prompt users to refresh these at a set interval?
Also what is the best screen for an admin to be able to see all API tokens in use.
Catch up with Atlassian Product Managers in our 2020 Demo Den round-up! From Advanced Roadmaps to Code in Jira to Next-Gen Workflows, check out the videos below to help up-level your work in the new ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event