Skip to main content


A-Z glossary of PageSeeder concepts


A random string generated by PageSeeder and used for authentication or authorization depending on the type of token used.

Access token

Access tokens are issued for OAuth clients on behalf of a member, to access their account through the API. The OAuth client configuration determines which OAuth authorization flow clients can use to get an access token as well as how long the token is valid for.

Built-in security tokens

Security tokens are always associated with a specific user account.

TypePurposeDefault lifetime
remember-meRemember me cookie used for sign-in90 days
activate-memberAccount activation 2 days
change-emailChange of email address12 hours
reset-passwordReset password flow12 hours

End users can list and revoke any persistent tokens associated with them from their security settings and password page.

The expiration of security tokens can be configured in the organization config. For example:

  <token type="activate-member" expiration="P90D" />
  <token type="reset-password" expiration="P2DT12H" />

Other types of token

  • Authorization codes – are special types of tokens that are short-lived and single-use.
  • ID Token – carries identity information about a user.
Created on , last edited on