Skip to main content
GET
/
users
/
{user_id}
/
api-tokens
List a user's API tokens
curl --request GET \
  --url {schemes}://api.upsun.com/users/{user_id}/api-tokens \
  --header 'Authorization: Bearer <token>'
[
  {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "mfa_on_creation": true,
    "token": "<string>",
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "last_used_at": "2023-11-07T05:31:56Z"
  }
]

Documentation Index

Fetch the complete documentation index at: https://developer.upsun.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

user_id
string<uuid>
required

The ID of the user.

Example:

"d81c8ee2-44b3-429f-b944-a33ad7437690"

Response

OK

id
string<uuid>

The ID of the token.

name
string

The token name.

mfa_on_creation
boolean

Whether the user had multi-factor authentication (MFA) enabled when they created the token.

token
string

The token in plain text (available only when created).

created_at
string<date-time>

The date and time when the token was created.

updated_at
string<date-time>

The date and time when the token was last updated.

last_used_at
string<date-time> | null

The date and time when the token was last exchanged for an access token. This will be null for a token which has never been used, or not used since this API property was added. Note: After an API token is used, the derived access token may continue to be used until its expiry. This also applies to SSH certificate(s) derived from the access token.

Last modified on May 7, 2026