Token information API

Tier: Free, Premium, Ultimate Offering: Self-managed Status: Experiment
History
The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.

Administrators can use this API to retrieve information about arbitrary tokens. Unlike other API endpoints that expose token information, such as the Personal access token API, this endpoint allows administrators to retrieve token information without knowing the type of the token.

Prerequisites:

  • You must be an administrator.

Get Token Information

Returns information about a token.

Supported tokens:

POST /api/v4/admin/token

Supported attributes:

Attribute Type Required Description
token string Yes Token that should be identified.

If successful, returns 200 and information about the token.

Can return the following status codes:

  • 200 OK: Information about the token.
  • 401 Unauthorized: The user is not authorized.
  • 403 Forbidden: The user is not an administrator.
  • 404 Not Found: The token was not found.
  • 422 Unprocessable: The token type is not supported.

Example request:

curl --request POST \
  --url "https://gitlab.example.com/api/v4/admin/token" \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --header 'Content-Type: application/json' \
  --data '{"token": "glpat-<example-token>"}'

Example response:

{
 "id": 1,
 "user_id": 70,
 "name": "project-access-token",
 "revoked": false,
 "expires_at": "2024-10-04",
 "created_at": "2024-09-04T07:19:18.652Z",
 "updated_at": "2024-09-04T07:19:18.652Z",
 "scopes": [
  "api",
  "read_api"
 ],
 "impersonation": false,
 "expire_notification_delivered": false,
 "last_used_at": null,
 "after_expiry_notification_delivered": false,
 "previous_personal_access_token_id": null,
 "advanced_scopes": null,
 "organization_id": 1
}