Skip to main content
GET
/
users
/
{user_id}
/
api-tokens
List a user's API tokens
curl --request GET \
  --url {schemes}://api.upsun.com/users/{user_id}/api-tokens \
  --header 'Authorization: Bearer <token>'
[
  {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "mfa_on_creation": true,
    "token": "<string>",
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "last_used_at": "2023-11-07T05:31:56Z"
  }
]

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

user_id
string<uuid>
required

The ID of the user.

Example:

"d81c8ee2-44b3-429f-b944-a33ad7437690"

Response

OK

id
string<uuid>

The ID of the token.

name
string

The token name.

mfa_on_creation
boolean

Whether the user had multi-factor authentication (MFA) enabled when they created the token.

token
string

The token in plain text (available only when created).

created_at
string<date-time>

The date and time when the token was created.

updated_at
string<date-time>

The date and time when the token was last updated.

last_used_at
string<date-time> | null

The date and time when the token was last exchanged for an access token. This will be null for a token which has never been used, or not used since this API property was added. Note: After an API token is used, the derived access token may continue to be used until its expiry. This also applies to SSH certificate(s) derived from the access token.

Last modified on March 25, 2026