Skip to main content

List Personal Access Tokens

GET 

/personal-access-tokens

This gets a collection of personal access tokens associated with the optional owner-id. query parameter. If the owner-id query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right.

Request

Query Parameters

    owner-id string

    The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read' If an actual owner ID or if the owner-id parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. If the caller has the following right, then managed personal access tokens associated with owner-id will be retrieved: 'idn:managed-personal-access-tokens:read'

    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    lastUsed: le, isnull

    Example: lastUsed le 2023-02-05T10:59:27.214Z

Responses

List of personal access tokens.

Schema

  • Array [

  • id stringrequired

    The ID of the personal access token (to be used as the username for Basic Auth).

    name stringrequired

    The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.

    scope string[]nullablerequired

    Scopes of the personal access token.

    owner

    object

    required

    Personal access token owner's identity.

    type string

    Possible values: [IDENTITY]

    Personal access token owner's DTO type.

    id string

    Personal access token owner's identity ID.

    name string

    Personal access token owner's human-readable display name.

    created date-timerequired

    The date and time, down to the millisecond, when this personal access token was created.

    lastUsed date-timenullable

    The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.

    managed boolean

    If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows.

  • ]

Loading...