- List group access tokens
- Get a group access token
- Create a group access token
- Rotate a group access token
- Revoke a group access token
Group access tokens API
You can read more about group access tokens.
List group access tokens
Introduced in GitLab 14.7.
Get a list of group access tokens.
GET groups/:id/access_tokens
Attribute | Type | required | Description |
---|---|---|---|
id | integer or string | yes | ID or URL-encoded path of the group |
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"
[
{
"user_id" : 141,
"scopes" : [
"api"
],
"name" : "token",
"expires_at" : "2021-01-31",
"id" : 42,
"active" : true,
"created_at" : "2021-01-20T22:11:48.151Z",
"revoked" : false,
"access_level": 40
}
]
Get a group access token
Introduced in GitLab 14.10.
Get a group access token by ID.
GET groups/:id/access_tokens/:token_id
Attribute | Type | required | Description |
---|---|---|---|
id | integer or string | yes | ID or URL-encoded path of the group |
token_id | integer or string | yes | ID of the group access token |
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>"
{
"user_id" : 141,
"scopes" : [
"api"
],
"name" : "token",
"expires_at" : "2021-01-31",
"id" : 42,
"active" : true,
"created_at" : "2021-01-20T22:11:48.151Z",
"revoked" : false,
"access_level": 40
}
Create a group access token
- Introduced in GitLab 14.7.
- The
expires_at
attribute default was introduced in GitLab 16.0.
Create a group access token. You must have the Owner role for the group to create group access tokens.
POST groups/:id/access_tokens
Attribute | Type | required | Description |
---|---|---|---|
id | integer or string | yes | ID or URL-encoded path of the group |
name | String | yes | Name of the group access token |
scopes | Array[String] | yes | List of scopes |
access_level | Integer | no | Access level. Valid values are 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), and 50 (Owner). |
expires_at | Date | yes | Expiration date of the access token in ISO format (YYYY-MM-DD ). The date cannot be set later than the maximum allowable lifetime of an access token. |
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--header "Content-Type:application/json" \
--data '{ "name":"test_token", "scopes":["api", "read_repository"], "expires_at":"2021-01-31", "access_level": 30 }' \
"https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"
{
"scopes" : [
"api",
"read_repository"
],
"active" : true,
"name" : "test",
"revoked" : false,
"created_at" : "2021-01-21T19:35:37.921Z",
"user_id" : 166,
"id" : 58,
"expires_at" : "2021-01-31",
"token" : "D4y...Wzr",
"access_level": 30
}
Rotate a group access token
Introduced in GitLab 16.0
Rotate a group access token. Revokes the previous token and creates a new token that expires in one week.
POST /groups/:id/access_tokens/:token_id/rotate
Attribute | Type | required | Description |
---|---|---|---|
id | integer or string | yes | ID or URL-encoded path of the group |
token_id | integer or string | yes | ID of the project access token |
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>/rotate"
Example response:
{
"id": 42,
"name": "Rotated Token",
"revoked": false,
"created_at": "2023-08-01T15:00:00.000Z",
"scopes": ["api"],
"user_id": 1337,
"last_used_at": null,
"active": true,
"expires_at": "2023-08-15",
"access_level": 30,
"token": "s3cr3t"
}
Responses
-
200: OK
if existing token is successfully revoked and the new token is created. -
400: Bad Request
if not rotated successfully. -
401: Unauthorized
if either the:- User does not have access to the token with the specified ID.
- Token with the specified ID does not exist.
-
404: Not Found
if the user is an administrator but the token with the specified ID does not exist.
Automatic reuse detection
Refer to automatic reuse detection for personal access tokens for more information.
Revoke a group access token
Introduced in GitLab 14.7.
Revoke a group access token.
DELETE groups/:id/access_tokens/:token_id
Attribute | Type | required | Description |
---|---|---|---|
id | integer or string | yes | ID or URL-encoded path of the group |
token_id | integer or string | yes | ID of the group access token |
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>"
Responses
-
204: No Content
if successfully revoked. -
400 Bad Request
or404 Not Found
if not revoked successfully.