diff --git a/api/src/auth/auth.module.ts b/api/src/auth/auth.module.ts
index 2dfc6a9..b2b3591 100644
--- a/api/src/auth/auth.module.ts
+++ b/api/src/auth/auth.module.ts
@@ -1,7 +1,7 @@
 import { Module } from "@nestjs/common"
 import { CacheModule } from "@nestjs/cache-manager"
 import { JwtModule } from "@nestjs/jwt"
-import createJwtConfig from "../config/jwt.config"
+import createJwtConfig, { JWT_ACCESS_TOKEN_EXPIRES_IN } from "../config/jwt.config"
 import { AuthController } from "./auth.controller"
 import { AuthService } from "./auth.service"
 import { TokenDenylistService } from "./token-denylist.service"
@@ -9,8 +9,6 @@ import { UsersRepository } from "./users.repository"
 import { PasswordResetService } from "./password-reset.service"
 import { AuditModule } from "../audit/audit.module"
-const JWT_EXPIRES_IN = "15m"
-
 @Module({
 imports: [
 AuditModule,
@@ -19,7 +17,7 @@ const JWT_EXPIRES_IN = "15m"
 max: 1024,
 }),
 JwtModule.registerAsync({
- useFactory: () => createJwtConfig(JWT_EXPIRES_IN),
+ useFactory: () => createJwtConfig(JWT_ACCESS_TOKEN_EXPIRES_IN),
 }),
 ],
 controllers: [AuthController],
diff --git a/api/src/config/jwt.config.ts b/api/src/config/jwt.config.ts
index a933882..727b263 100644
--- a/api/src/config/jwt.config.ts
+++ b/api/src/config/jwt.config.ts
@@ -2,15 +2,16 @@ import { JwtModuleOptions } from "@nestjs/jwt"
 import { randomBytes } from "crypto"
 import { env } from "./env"
-export function createJwtConfig(expiresIn = "1h"): JwtModuleOptions {
- // Prefer the explicitly set env var, but fall back to validated env if present
+export const JWT_ACCESS_TOKEN_EXPIRES_IN = "15m"
+
+export function createJwtConfig(expiresIn = JWT_ACCESS_TOKEN_EXPIRES_IN): JwtModuleOptions {
 const secret = process.env.JWT_SECRET ?? env.JWT_SECRET
 if (!secret) {
 if (env.NODE_ENV === "development") {
 const generated = randomBytes(32).toString("hex")
 console.warn(
- "WARNING: No JWT_SECRET set; generating a random secret for development only. This is INSECURE for production."
+ "WARNING: No JWT_SECRET set; generating a random secret for development only. This is INSECURE for production.",
 )
 console.warn(`Generated development JWT secret: ${generated}`)
 return { secret: generated, signOptions: { expiresIn } }
diff --git a/api/src/gateways/gateways.module.ts b/api/src/gateways/gateways.module.ts
index a9572a0..3d9fe99 100644
--- a/api/src/gateways/gateways.module.ts
+++ b/api/src/gateways/gateways.module.ts
@@ -1,6 +1,6 @@
 import { Module } from "@nestjs/common"
 import { JwtModule } from "@nestjs/jwt"
-import createJwtConfig from "../config/jwt.config"
+import createJwtConfig, { JWT_ACCESS_TOKEN_EXPIRES_IN } from "../config/jwt.config"
 import { MetricsModule } from "../metrics/metrics.module"
 import { StreamsGateway } from "./streams.gateway"
@@ -14,7 +14,7 @@ import { StreamsGateway } from "./streams.gateway"
 imports: [
 MetricsModule,
 JwtModule.registerAsync({
- useFactory: () => createJwtConfig("1h"),
+ useFactory: () => createJwtConfig(JWT_ACCESS_TOKEN_EXPIRES_IN),
 }),
 ],
 providers: [StreamsGateway],
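Review bot: The development fallback in `createJwtConfig` (api/src/config/jwt.config.ts) still writes the signing key itself to the log: the second `console.warn` in this hunk interpolates `generated` into its message. Anyone who can read that output (a shared terminal, collected container logs) holds the key the instance signs and verifies with, and nothing visible here needs the value, so I would log only that a secret was generated. The default for `expiresIn` also changes from "1h" to "15m", which silently shortens token lifetime for any caller that omits the argument; callers outside this diff are not visible, so it is worth a search. A short TSDoc line on the new constant, e.g. `/** Access-token lifetime shared by every JwtModule registration. */`, would record why it is exported. The function body continues past the end of the hunk.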
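Review bot: The `useFactory` in api/src/gateways/gateways.module.ts calls `createJwtConfig` separately from the one in auth.module.ts, and the development fallback in jwt.config.ts draws a new `randomBytes(32)` secret on every call, so with JWT_SECRET unset the two JwtModule registrations presumably end up with different keys and tokens issued by the auth module would fail verification in the gateway. Caching the generated value in a module-scope variable in jwt.config.ts, e.g. `devSecret ??= randomBytes(32).toString("hex")`, would keep both registrations on one key. Separately, moving this module from "1h" to the shared "15m" only changes the lifetime of tokens it signs; whether an already open stream is dropped once its token expires or is denylisted depends on StreamsGateway, which is not visible here, so confirm it re-checks beyond the initial handshake.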