3.7 KiB
3.7 KiB
| stage | group | info | description |
|---|---|---|---|
| Software Supply Chain Security | Authentication | To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments | Documentation for the REST API that exposes token information. |
Token information API
DETAILS: Tier: Free, Premium, Ultimate Offering: Self-managed Status: Experiment
- Introduced in GitLab 17.5 with a flag named
admin_agnostic_token_finder. Disabled by default.- Feed tokens added in GitLab 17.6.
- OAuth application secrets added in GitLab 17.7.
- Cluster agent tokens added in GitLab 17.7.
- Runner authentication tokens added in GitLab 17.7.
- Pipeline trigger tokens added in GitLab 17.7.
FLAG: The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.
Use this API to retrieve details about arbitrary tokens. Unlike other APIs that expose token information, this API allows you to retrieve details without knowing the specific type of token.
Prerequisites:
- You must have administrator access to the instance.
Identify Token
Returns information about a token.
Supported tokens:
- Personal access tokens
- Impersonation tokens
- Deploy tokens
- Feed tokens
- OAuth application secrets
- Cluster agent tokens
- Runner authentication tokens
- Pipeline trigger tokens
POST /api/v4/admin/token
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
token |
string | Yes | Token that should be identified. |
If successful, returns 200 and information about the token.
Can return the following status codes:
200 OK: Information about the token.401 Unauthorized: The user is not authorized.403 Forbidden: The user is not an administrator.404 Not Found: The token was not found.422 Unprocessable: The token type is not supported.
Example request:
curl --request POST \
--url "https://gitlab.example.com/api/v4/admin/token" \
--header "PRIVATE-TOKEN: <your_access_token>" \
--header 'Content-Type: application/json' \
--data '{"token": "glpat-<example-token>"}'
Example response:
{
"id": 1,
"user_id": 70,
"name": "project-access-token",
"revoked": false,
"expires_at": "2024-10-04",
"created_at": "2024-09-04T07:19:18.652Z",
"updated_at": "2024-09-04T07:19:18.652Z",
"scopes": [
"api",
"read_api"
],
"impersonation": false,
"expire_notification_delivered": false,
"last_used_at": null,
"after_expiry_notification_delivered": false,
"previous_personal_access_token_id": null,
"advanced_scopes": null,
"organization_id": 1
}