Group access tokens API

You can read more about group access tokens.

List group access tokens

Introduced in GitLab 14.7.

Get a list of group access tokens.

GET groups/:id/access_tokens
AttributeTyperequiredDescription
idinteger or stringyesID or URL-encoded path of the group
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"
[
   {
      "user_id" : 141,
      "scopes" : [
         "api"
      ],
      "name" : "token",
      "expires_at" : "2021-01-31",
      "id" : 42,
      "active" : true,
      "created_at" : "2021-01-20T22:11:48.151Z",
      "revoked" : false,
      "access_level": 40
   }
]

Get a group access token

Introduced in GitLab 14.10.

Get a group access token by ID.

GET groups/:id/access_tokens/:token_id
AttributeTyperequiredDescription
idinteger or stringyesID or URL-encoded path of the group
token_idinteger or stringyesID of the group access token
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>"
{
   "user_id" : 141,
   "scopes" : [
      "api"
   ],
   "name" : "token",
   "expires_at" : "2021-01-31",
   "id" : 42,
   "active" : true,
   "created_at" : "2021-01-20T22:11:48.151Z",
   "revoked" : false,
   "access_level": 40
}

Create a group access token

Introduced in GitLab 14.7.

Create a group access token. You must have the Owner role for the group to create group access tokens.

POST groups/:id/access_tokens
AttributeTyperequiredDescription
idinteger or stringyesID or URL-encoded path of the group
nameStringyesName of the group access token
scopesArray[String]yesList of scopes
access_levelIntegernoAccess level. Valid values are 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), and 50 (Owner).
expires_atDatenoToken expires at midnight UTC on that date
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--header "Content-Type:application/json" \
--data '{ "name":"test_token", "scopes":["api", "read_repository"], "expires_at":"2021-01-31", "access_level": 30 }' \
"https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"
{
   "scopes" : [
      "api",
      "read_repository"
   ],
   "active" : true,
   "name" : "test",
   "revoked" : false,
   "created_at" : "2021-01-21T19:35:37.921Z",
   "user_id" : 166,
   "id" : 58,
   "expires_at" : "2021-01-31",
   "token" : "D4y...Wzr",
   "access_level": 30
}

Rotate a group access token

Introduced in GitLab 16.0

Rotate a group access token. Revokes the previous token and creates a new token that expires in one week.

POST /groups/:id/access_tokens/:token_id/rotate
AttributeTyperequiredDescription
idinteger or stringyesID or URL-encoded path of the group
token_idinteger or stringyesID of the project access token
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>/rotate"

Responses

  • 200: OK if existing token is successfully revoked and the new token is created.
  • 400: Bad Request if not rotated successfully.
  • 401: Unauthorized if either the:
    • User does not have access to the token with the specified ID.
    • Token with the specified ID does not exist.
  • 404: Not Found if the user is an administrator but the token with the specified ID does not exist.

Revoke a group access token

Introduced in GitLab 14.7.

Revoke a group access token.

DELETE groups/:id/access_tokens/:token_id
AttributeTyperequiredDescription
idinteger or stringyesID or URL-encoded path of the group
token_idinteger or stringyesID of the group access token
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>"

Responses

  • 204: No Content if successfully revoked.
  • 400 Bad Request or 404 Not Found if not revoked successfully.