diff --git a/doc/api/http_api.md b/doc/api/http_api.md
index a51c3b5442b..5f3b1da8e1b 100644
--- a/doc/api/http_api.md
+++ b/doc/api/http_api.md
@@ -161,7 +161,7 @@ Responses are valid JSON in the following format:
 ### Authentication
-Authentication works via an OAuth token that is sent with each request as a post parameter. You can add new clients that can sign in via the API by adding new entries to the sso section in the settings.json.
+Authentication works via an OAuth token that is sent with each request as an Authorization header, i.e. `Authorization: Bearer YOUR_TOKEN`. You can add new clients that can sign in via the API by adding new entries to the sso section in the settings.json.
 #### Example for browser login clients
@@ -200,6 +200,10 @@ E.g. a service that creates a pad for a user or a service that inserts a text in
 }
 ```
+Obtain a Bearer token:
+
+`curl --request POST --url 'https://your.server.tld/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials`
+
 ### Node Interoperability
diff --git a/settings.json.docker b/settings.json.docker
index d9693182205..621c7b9b1e5 100644
--- a/settings.json.docker
+++ b/settings.json.docker
@@ -669,5 +669,16 @@
 "redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"]
 }
 ]
- }
+ },
+
+ /* Set the time to live for the tokens
+ This is the time of seconds a user is logged into Etherpad
+ "ttl": {
+ "AccessToken": 3600,
+ "AuthorizationCode": 600,
+ "ClientCredentials": 3600,
+ "IdToken": 3600,
+ "RefreshToken": 86400
+ }
+ */
 }
diff --git a/settings.json.template b/settings.json.template
index 85165b2f083..039fa2966f3 100644
--- a/settings.json.template
+++ b/settings.json.template
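Review bot: The `},` on the new side of the settings.json.docker hunk leaves a trailing comma before the root object's closing `}`, because everything between them is now the commented-out `ttl` block; the settings.json.template hunk adds the same block after a bare `}` with no comma. Whether that parses depends on the settings loader stripping trailing commas after comment removal, which is not visible here, so the two files should at least agree, and `  }` without the comma matches the template and needs no separator since the block is a comment. The comment wording in both files is also off: `This is the time of seconds a user is logged into Etherpad` would read better as `Lifetimes, in seconds, of the tokens issued by the built-in OIDC provider; the values below are the defaults`, which also tells an operator that raising them lengthens the window in which a leaked token stays valid. The same comment change applies to the settings.json.template hunk.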
@@ -671,4 +671,15 @@
 }
 ]
 }
+
+ /* Set the time to live for the tokens
+ This is the time of seconds a user is logged into Etherpad
+ "ttl": {
+ "AccessToken": 3600,
+ "AuthorizationCode": 600,
+ "ClientCredentials": 3600,
+ "IdToken": 3600,
+ "RefreshToken": 86400
+ }
+ */
 }
diff --git a/src/node/security/OAuth2Provider.ts b/src/node/security/OAuth2Provider.ts
index e34926d5b1d..e212113504b 100644
--- a/src/node/security/OAuth2Provider.ts
+++ b/src/node/security/OAuth2Provider.ts
@@ -47,13 +47,7 @@ const configuration: Configuration = {
 } as Account
 }
 },
- ttl:{
- AccessToken: 1 * 60 * 60, // 1 hour in seconds
- AuthorizationCode: 10 * 60, // 10 minutes in seconds
- ClientCredentials: 1 * 60 * 60, // 1 hour in seconds
- IdToken: 1 * 60 * 60, // 1 hour in seconds
- RefreshToken: 1 * 24 * 60 * 60, // 1 day in seconds
- },
+ ttl: settings.ttl,
 claims: {
 openid: ['sub'],
 email: ['email'],
diff --git a/src/node/utils/Settings.ts b/src/node/utils/Settings.ts
index e773f656ee1..1e8485c044b 100644
--- a/src/node/utils/Settings.ts
+++ b/src/node/utils/Settings.ts
@@ -98,6 +98,16 @@ exports.title = 'Etherpad';
 */
 exports.favicon = null;
+exports.ttl = {
+ AccessToken: 1 * 60 * 60, // 1 hour in seconds
+ AuthorizationCode: 10 * 60, // 10 minutes in seconds
+ ClientCredentials: 1 * 60 * 60, // 1 hour in seconds
+ IdToken: 1 * 60 * 60, // 1 hour in seconds
+ RefreshToken: 1 * 24 * 60 * 60, // 1 day in seconds
+}
+
+
+
 /*
 * Skin name.
 *
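Review bot: `ttl: settings.ttl` passes whatever the settings loader produced straight into `Configuration` with no check that each entry is a positive integer number of seconds, whereas the literals it replaces could not be misconfigured; a string left over from environment substitution, a negative value, or a misspelled key would now be caught, if at all, only by the OIDC provider at startup, and a wrong-but-accepted value would silently change how long issued tokens stay valid. Whether a partial `"ttl"` object from settings.json is merged with the defaults or replaces them wholesale is not visible in this hunk and should be confirmed, since an operator setting only `AccessToken` could otherwise lose the other lifetimes. A small guard before `configuration` is built, e.g. `for (const [k, v] of Object.entries(settings.ttl)) if (!Number.isInteger(v) || v <= 0) throw new Error(`settings.ttl.${k} must be a positive integer (seconds)`);`, keeps the failure at configuration time; this assumes `settings` is the Settings module imported above the hunk. The `configuration` object starts before this hunk and continues after it.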
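Review bot: The new `exports.ttl = { ... }` carries no documentation block, unlike `exports.favicon` and the surrounding settings, each of which is introduced by a `/* ... */` comment explaining the option; it also drops the trailing semicolon the rest of the file uses and is followed by three blank lines where the file otherwise has one. A header in the file's style, such as `/* Lifetimes, in seconds, of the tokens issued by the built-in OIDC provider (the provider's ttl option). Longer values widen the window in which a stolen token remains usable. */`, plus `};` and a single blank line would bring it in line with its neighbours. If Settings.ts has a validation pass for other options further down, `ttl` should join it so that non-integer or non-positive values are rejected with a clear message rather than reaching the provider.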