diff --git a/virtweb_backend/src/api_tokens.rs b/virtweb_backend/src/api_tokens.rs
index 31dacdc..c2955d7 100644
--- a/virtweb_backend/src/api_tokens.rs
+++ b/virtweb_backend/src/api_tokens.rs
@@ -210,6 +210,14 @@ pub async fn update_rights(id: TokenID, rights: TokenRights) -> anyhow::Result<(
     Ok(())
 }
 
+/// Set last_used value of token
+pub async fn refresh_last_used(id: TokenID) -> anyhow::Result<()> {
+    let mut token = get_single(id).await?;
+    token.last_used = time();
+    token.save()?;
+    Ok(())
+}
+
 /// Delete an API token
 pub async fn delete(id: TokenID) -> anyhow::Result<()> {
     let path = AppConfig::get().api_token_definition_path(id);
diff --git a/virtweb_backend/src/extractors/api_auth_extractor.rs b/virtweb_backend/src/extractors/api_auth_extractor.rs
index bed5da3..604e2e4 100644
--- a/virtweb_backend/src/extractors/api_auth_extractor.rs
+++ b/virtweb_backend/src/extractors/api_auth_extractor.rs
@@ -114,7 +114,10 @@ impl FromRequest for ApiAuthExtractor {
             // TODO : manually validate all checks
 
             if token.should_update_last_activity() {
-                // TODO : update last activity
+                if let Err(e) = api_tokens::refresh_last_used(token.id).await {
+                    log::error!("Could not update token last activity! {e}");
+                    return Err(ErrorBadRequest("!"));
+                }
             }
 
             Ok(ApiAuthExtractor { token, claims })