Token information API
Tier: Free, Premium, Ultimate
Offering: Self-managed
Status: Experiment
History
-
Introduced in GitLab 17.5 with a flag named
admin_agnostic_token_finder. Disabled by default.
The availability of this feature is controlled by a feature flag.
For more information, see the history.
This feature is available for testing, but not ready for production use.
Administrators can use this API to retrieve information about arbitrary tokens. Unlike other API endpoints that expose token information, such as the Personal access token API, this endpoint allows administrators to retrieve token information without knowing the type of the token.
Prerequisites:
- You must be an administrator.
Get Token Information
Returns information about a token.
Supported tokens:
POST /api/v4/admin/token
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
token
| string | Yes | Token that should be identified. |
If successful, returns 200 and information about the token.
Can return the following status codes:
-
200 OK: Information about the token. -
401 Unauthorized: The user is not authorized. -
403 Forbidden: The user is not an administrator. -
404 Not Found: The token was not found. -
422 Unprocessable: The token type is not supported.
Example request:
curl --request POST \
--url "https://gitlab.example.com/api/v4/admin/token" \
--header "PRIVATE-TOKEN: <your_access_token>" \
--header 'Content-Type: application/json' \
--data '{"token": "glpat-<example-token>"}'
Example response:
{
"id": 1,
"user_id": 70,
"name": "project-access-token",
"revoked": false,
"expires_at": "2024-10-04",
"created_at": "2024-09-04T07:19:18.652Z",
"updated_at": "2024-09-04T07:19:18.652Z",
"scopes": [
"api",
"read_api"
],
"impersonation": false,
"expire_notification_delivered": false,
"last_used_at": null,
"after_expiry_notification_delivered": false,
"previous_personal_access_token_id": null,
"advanced_scopes": null,
"organization_id": 1
}