To remove confusion about the expiration for the SAS URI, you might consider adding a field to the QueryExecutionJob that articulates the expiration of the URI. For example, you might take inspiration from the OAuth token response (described here for SKY API, but it's a standard for OAuth) and add an "expires_in" field to the response. This would allow callers to programmatically determine whether the URI is still valid, and you could decide to shrink/expand the expiration window in the future without impacting callers.