Timeout for authentication sessions needs to be based on expected time T&Cs take to read

Description

For security purposes users have a time limited session. This timeout limit needs to allow them to read the T&C.

Acceptance criteria

• expected max time to read T&Cs is documented in this ticket comments
• API session timeout is set to documented time - 20 minutes between uses time & 30 minutes for overall token expiry