We get complains sometimes from the API consumers that the token get expired before 24hrs. That's why we are checking if we can retrieve analytics about token creation time, expire time, how many times the tokens were used, which api it was used.

Do you have any timeline of the implementation?

I don't have a timeline. All I can say is that the request for this capability is in the backlog. '

Tokens will not, should not expire before their stated expiry date. We have no evidence of that ever occurring, UNLESS the token is explicitly invalidated or removed via OAuthV2/InvalidateToken or DeleteOAuthV2Info. I understand that your API consumers have expressed that view with you.

Is the problem reproducible, and clearly documented? If not, a way to help diagnose the problem is for the API consumer (developer) that is observing shortened-life tokens to note the initiation time and originally stated expiry time of all tokens, and then IF there is an event in which the token is rejected before its expected end of life, log that event and reconcile that with the originally logged expiry time.

Using that information, we may be able to track down the cause of the surprise.