Token information API
-
Introduced in GitLab 17.5 with a flag named
admin_agnostic_token_finder
. Disabled by default.
Administrators can use this API to retrieve information about arbitrary tokens. Unlike other API endpoints that expose token information, such as the Personal access token API, this endpoint allows administrators to retrieve token information without knowing the type of the token.
Prerequisites:
- You must be an administrator.
Get Token Information
Returns information about a token.
Supported tokens:
POST /api/v4/admin/token
Supported attributes:
Attribute | Type | Required | Description |
---|---|---|---|
token
|
string | Yes | Token that should be identified. |
If successful, returns 200
and information about the token.
Can return the following status codes:
-
200 OK
: Information about the token. -
401 Unauthorized
: The user is not authorized. -
403 Forbidden
: The user is not an administrator. -
404 Not Found
: The token was not found. -
422 Unprocessable
: The token type is not supported.
Example request:
curl --request POST \
--url "https://gitlab.example.com/api/v4/admin/token" \
--header "PRIVATE-TOKEN: <your_access_token>" \
--header 'Content-Type: application/json' \
--data '{"token": "glpat-<example-token>"}'
Example response:
{
"id": 1,
"user_id": 70,
"name": "project-access-token",
"revoked": false,
"expires_at": "2024-10-04",
"created_at": "2024-09-04T07:19:18.652Z",
"updated_at": "2024-09-04T07:19:18.652Z",
"scopes": [
"api",
"read_api"
],
"impersonation": false,
"expire_notification_delivered": false,
"last_used_at": null,
"after_expiry_notification_delivered": false,
"previous_personal_access_token_id": null,
"advanced_scopes": null,
"organization_id": 1
}