Get Tokens

JFrog REST APIs
Content Type
REST API

Description: Returns token information, based on the authenticated principal and optional filters.

Since: 7.21.1

Security: Requires a valid token.

Usage: GET /access/api/v1/tokens

Produces: application/json

{
  "tokens": [
    {
      "token_id": "<id>",
      "subject": "<subject>",
      "expiry": <epoch-in-secs>,       // optional
      "issued_at": <epoch-in-secs>,
      "issuer": "<issuer>",
      "description": "<description>",  // optional
      "refreshable": <true|false>,
      "last_used": <epoch-in-secs>    // optional
    }, 
    ...
  ]
}

Note

  • An admin user can get all tokens.

  • Non-admin user gets only the tokens where his username matches the tokens' username.

  • If the query does not find any tokens, a response of 200 (i.e., successful) will be returned, but with an empty list of tokens.

  • Supports query parameters to filter the response, such as:

    • description=<description> (supports wildcard, the wildcard must be at the end of the text)

    • username=<username>

    • refreshable=<true|false>

    • token_id=<ID>

    • order_by=<created|token_id|owner|subject|expiry>

    • descending_order=<true|false>

    • scope=<scope> (e.g. group name or project key. Supports wildcard, the wildcard can be at the beginning and/or end of the text)

Note

The last_used parameter is supported for Artifactory versions 7.108.3 and above. To use it, you need to configure the following system properties in your Access YAML Configuration file:Access YAML Configuration

token: 
  last-used-enabled: true
  last-used-threshold: 900

Limitations

When using the last_used parameter, note that it has the following limitations:

  • The returned value might not be precise, and might not include changes from the last 2 hours, due to the verify flow cache or to the last_used_threshold parameter which controls the frequency of updates.

  • last_used is not supported for:

    • Environments using Circle of Trust without Federation configured

    • Short-lived tokens: with an expiry value of less than 6 hours

    • Service, internal, or session tokens: only identity tokens are supported

    • Propagation of last_used timestamp to federated JPDs

Errors:

  • 401 - Unauthenticated

  • 403 - The authenticated principal has no permissions to get tokens (not a user or not an admin token)

Sample Usage:

curl -XGET  -H "Authorization: Bearer <valid access token>" "http://localhost:8082/access/api/v1/tokens?description=my%20token*"

200 OK
{
  "tokens":[
    {
    }, ...
  ]
}