To reproduce in our deployment, you don't have to wait, it happens immediately. The best way to get it to happen is to visit the Dashboard or the Calendar page. It gets a 401 Unauthorized on any Ajax calls to http://(domain).com/api/v1/(endpoint)
Here is a screenshot of our calendar page, there are 3 Ajax calls to the API endpoints, so 3 error boxes pop up.
We are hosted on Google Cloud using the Bitnami launcher, with the default CPU size of n1-standard and a 10 GB disk. One thing I noticed during our deployment which could potentially be related to this issue: when we were intially configuring the site, we did not have a domain name or SSL certificate set up, and we were just accessing it directly via the IP address. Some things were broken in Canvas any time we would stop and restart the server, because the IP address changed. For example, we would upload logos using the Theme editor, and whenever the IP changed, the images broke because Canvas is storing the full image URL including the old IP address. Once we finally got our domain and SSL certs in place, we did run the bnconfig tool to update the machine_hostname, but this did NOT fix the broken images which still had a hardcoded IP address. Could this authorization issue somehow be related? Like maybe the Ajax requests are being rejected because they aren't coming from the IP address where we initially configured the site, or something?