diff --git a/lib/travis/api/app/endpoint.rb b/lib/travis/api/app/endpoint.rb
index a74704dbc..94ff8771a 100644
--- a/lib/travis/api/app/endpoint.rb
+++ b/lib/travis/api/app/endpoint.rb
@@ -117,6 +117,7 @@ def authorizer
 end
 def auth_for_repo(id, type)
+ current_user&.touch
 permission = authorizer.for_repo(id, type)
 halt 403, { error: { message: "We're sorry, but you're not authorized to perform this request" } } unless permission
 rescue Travis::API::V3::AuthorizerError
diff --git a/lib/travis/api/v3/access_control/user.rb b/lib/travis/api/v3/access_control/user.rb
index 5633faca3..1b37698f4 100644
--- a/lib/travis/api/v3/access_control/user.rb
+++ b/lib/travis/api/v3/access_control/user.rb
@@ -7,6 +7,7 @@ class AccessControl::User < AccessControl::Generic
 def initialize(user)
 user = Models::User.find(user.id) if user.is_a? ::User
 @user = user
+ user.touch
 @access_permissions = user.permissions.where(user_id: user.id)
 super()
 end
diff --git a/lib/travis/api/v3/models/user.rb b/lib/travis/api/v3/models/user.rb
index a343abf1d..a3579248a 100644
--- a/lib/travis/api/v3/models/user.rb
+++ b/lib/travis/api/v3/models/user.rb
@@ -87,6 +87,10 @@ def installation
 @installation = Models::Installation.find_by(owner_type: 'User', owner_id: id, removed_by_id: nil)
 end
+ def touch
+ update(last_activity_at: Time.now) if last_activity_at.nil? || Time.now.utc - last_activity_at > 300
+ end
+
 def internal?
 !!get_internal_user
 end
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 990f6c3d9..b03667bd3 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
@@ -47,6 +47,10 @@ def with_email(email_address)
 end
 end
+ def touch
+ update(last_activity_at: Time.now) if last_activity_at.nil? || Time.now.utc - last_activity_at > 300
+ end
+
 def token
 tokens.first.try(:token)
 end
diff --git a/spec/lib/model/user_spec.rb b/spec/lib/model/user_spec.rb
index cef7996e1..c598d83a1 100644
--- a/spec/lib/model/user_spec.rb
+++ b/spec/lib/model/user_spec.rb
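Review bot: The `current_user&.touch` at the top of `auth_for_repo` puts a database write in front of the permission check, and the only `rescue` visible in the method is for `Travis::API::V3::AuthorizerError`, so an exception from that write (a database error, for instance) would presumably fail the request before authorization is evaluated. The same coupling appears in `lib/travis/api/v3/access_control/user.rb`, where `user.touch` runs inside `AccessControl::User#initialize` ahead of loading `@access_permissions`. Placing the call first also means a request that ends in the 403 still counts as activity, which matters if `last_activity_at` later feeds dormant-account decisions. Activity tracking is best-effort, so I would move the call after the permission check and wrap it so that a persistence error is rescued and logged there instead of propagating. The body of the `rescue` clause and the end of the method lie outside the hunk.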
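Review bot: The zero-argument `touch` defined in `lib/travis/api/v3/models/user.rb` hides the `touch(*names, time: nil)` that ActiveRecord already provides, assuming this class is an ActiveRecord model as its use of `update` and `find_by` suggests; any caller or `touch: true` association relying on the stock behaviour of bumping `updated_at` would get this method instead. A distinct name avoids the clash, for example `def touch_last_activity`. The same method is added verbatim to `lib/travis/model/user.rb` in the following hunk, so the 300-second window now lives in two places and can drift; a shared constant or module would keep them aligned. `update` also runs validations and callbacks and returns false without raising when the record is invalid, so the timestamp can silently stay unset; `update_column(:last_activity_at, Time.now.utc)` writes only that column.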
@@ -86,6 +86,15 @@ def user(payload)
 end
 end
+ describe 'last activity' do
+ it 'contains last activity' do
+ user.save!
+ expect(user.last_activity_at).to be_nil
+ user.touch
+ expect(user.last_activity_at).to_not be_nil
+ end
+ end
+
 describe 'avatar_url' do
 it "returns avatar url if it's present" do
 user.avatar_url = 'foo'
diff --git a/spec/v3/service_spec.rb b/spec/v3/service_spec.rb
index 0d4fb65d0..11f329a25 100644
--- a/spec/v3/service_spec.rb
+++ b/spec/v3/service_spec.rb
@@ -37,6 +37,7 @@ module Routes
 context 'when forcing authentication' do
 before { Travis.config.force_authentication = true }
 after { Travis.config.force_authentication = false }
+ before { User.last.update!(last_activity_at: nil) }
 it 'does not allow access without authentication' do
 get '/v3/examples'
@@ -44,8 +45,10 @@ module Routes
 end
 it 'does allow access with authentication' do
+ expect(User.last.last_activity_at).to be_nil
 get '/v3/examples', {}, auth_headers
 expect(last_response.status).to eq 200
+ expect(User.last.last_activity_at).to_not be_nil
 end
 it 'does allow access with log token' do
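Review bot: The new `'contains last activity'` example in `spec/lib/model/user_spec.rb` covers only the nil-to-set transition, so the 300-second throttle in `touch` is never exercised. I would add one case that sets `last_activity_at` to a recent time and asserts it is unchanged after `user.touch`, and one with a value older than 300 seconds that asserts it moves forward. Without those, a regression that writes on every request, or never refreshes a stale value, would pass this spec.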
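Review bot: The `before { User.last.update!(last_activity_at: nil) }` added in the first `spec/v3/service_spec.rb` hunk resets the column for every example in the context, but the unauthenticated example is left without a matching assertion. Adding `expect(User.last.last_activity_at).to be_nil` after its `get '/v3/examples'` would pin that a rejected request records no activity; that example's body continues outside the hunk. `User.last` is presumably the user behind `auth_headers`, which is not visible here, so referencing the fixture user directly would make both examples less dependent on row order.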