diff --git a/api.go b/api.go
index 635d2c8..f3cbac2 100644
--- a/api.go
+++ b/api.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"
 
@@ -17,10 +18,11 @@ type apiServer struct {
 }
 
 type apiResponse struct {
-	Success  bool   `json:"success"`
-	Error    string `json:"error,omitempty"`
-	Secret   string `json:"secret,omitempty"`
-	SecretId string `json:"secret_id,omitempty"`
+	Success   bool       `json:"success"`
+	Error     string     `json:"error,omitempty"`
+	ExpiresAt *time.Time `json:"expires_at,omitempty"`
+	Secret    string     `json:"secret,omitempty"`
+	SecretId  string     `json:"secret_id,omitempty"`
 }
 
 type apiRequest struct {
@@ -40,7 +42,14 @@ func (a apiServer) Register(r *mux.Router) {
 }
 
 func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
-	var secret string
+	var (
+		expiry = cfg.SecretExpiry
+		secret string
+	)
+
+	if ev, err := strconv.ParseInt(r.URL.Query().Get("expire"), 10, 64); err == nil && (ev < expiry || cfg.SecretExpiry == 0) {
+		expiry = ev
+	}
 
 	if strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
 		tmp := apiRequest{}
@@ -58,15 +67,21 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	id, err := a.store.Create(secret, time.Duration(cfg.SecretExpiry)*time.Second)
+	id, err := a.store.Create(secret, time.Duration(expiry)*time.Second)
 	if err != nil {
 		a.errorResponse(res, http.StatusInternalServerError, err, "creating secret")
 		return
 	}
 
+	var expiresAt *time.Time
+	if expiry > 0 {
+		expiresAt = func(v time.Time) *time.Time { return &v }(time.Now().Add(time.Duration(expiry) * time.Second))
+	}
+
 	a.jsonResponse(res, http.StatusCreated, apiResponse{
-		Success:  true,
-		SecretId: id,
+		ExpiresAt: expiresAt,
+		Success:   true,
+		SecretId:  id,
 	})
 }
 
diff --git a/docs/openapi.yaml b/docs/openapi.yaml
index 86bd1b7..e9895ea 100644
--- a/docs/openapi.yaml
+++ b/docs/openapi.yaml
@@ -14,7 +14,7 @@ info:
     This API allows you to store and read the same secrets as the web
     application.
   title: Luzifer/OTS API
-  version: 0.x
+  version: 1.x
 externalDocs:
   description: Luzifer/OTS on Github
   url: https://github.com/Luzifer/ots
@@ -38,8 +38,20 @@ paths:
         become `https://ots.fyi/#5e0065ee-5734-4548-9fd3-bb0bcd4c899d|mypass`.
         Note that you should correctly [percent
         encode](https://datatracker.ietf.org/doc/html/rfc3986) the `|` (pipe)
-        character for it to work in all browsers. 
+        character for it to work in all browsers.
       operationId: createSecret
+      parameters:
+        - name: expire
+          in: query
+          description: >-
+            Override the default secret expiry with this value given in seconds.
+            Values bigger than the configured secret expiry will silently be
+            ignored and the default expiry will be used.
+          required: false
+          schema:
+            type: integer
+            format: int64
+            minimum: 0
       requestBody:
         required: true
         content: