You can deactivate API tokens by deleting them or by deactivating the user account.

To delete a token,

1. Go to the list of all tokens in the Rancher API view at https://<Rancher-Server-IP>/v3/tokens.

2. Click Delete.

Here is the complete list of tokens that are generated with ttl=0:

Setting TTL on Kubeconfig Tokens

Admins can set a global TTL on Kubeconfig tokens. Once the token expires the kubectl command will require the user to authenticate to Rancher.

2. Go to setting kubeconfig-token-ttl-minutes in the Rancher API view at https://<Rancher-Server-IP/v3/settings/kubeconfig-token-ttl-minutes. By default, kubeconfig-token-ttl-minutes is 960 (16 hours).

3. Edit the setting and set the value to desired duration in minutes. Note: This value cannot exceed max-ttl of API tokens.(https://<Rancher-Server-IP/v3/settings/auth-token-max-ttl-minutes). auth-token-max-ttl-minutes is set to 1440 (24 hours) by default. auth-token-max-ttl-minutes would default to 0 allowing tokens to never expire.