Group access tokens API
DETAILS: Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated
You can read more about group access tokens.
List group access tokens
- Introduced in GitLab 14.7.
Get a list of group access tokens.
GET groups/:id/access_tokens| Attribute | Type | required | Description |
|---|---|---|---|
id |
integer or string | yes | ID or URL-encoded path of the group |
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"[
{
"user_id" : 141,
"scopes" : [
"api"
],
"name" : "token",
"expires_at" : "2021-01-31",
"id" : 42,
"active" : true,
"created_at" : "2021-01-20T22:11:48.151Z",
"revoked" : false,
"access_level": 40
}
]Get a group access token
- Introduced in GitLab 14.10.
Get a group access token by ID.
GET groups/:id/access_tokens/:token_id| Attribute | Type | required | Description |
|---|---|---|---|
id |
integer or string | yes | ID or URL-encoded path of the group |
token_id |
integer | yes | ID of the group access token |
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>"{
"user_id" : 141,
"scopes" : [
"api"
],
"name" : "token",
"expires_at" : "2021-01-31",
"id" : 42,
"active" : true,
"created_at" : "2021-01-20T22:11:48.151Z",
"revoked" : false,
"access_level": 40
}Create a group access token
- Introduced in GitLab 14.7.
- The
expires_atattribute default was introduced in GitLab 16.0.
Create a group access token. You must have the Owner role for the group to create group access tokens.
POST groups/:id/access_tokens| Attribute | Type | required | Description |
|---|---|---|---|
id |
integer or string | yes | ID or URL-encoded path of the group |
name |
String | yes | Name of the group access token |
scopes |
Array[String] |
yes | List of scopes |
access_level |
Integer | no | Access level. Valid values are 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), and 50 (Owner). |
expires_at |
Date | yes | Expiration date of the access token in ISO format (YYYY-MM-DD). The date cannot be set later than the maximum allowable lifetime of an access token. |
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--header "Content-Type:application/json" \
--data '{ "name":"test_token", "scopes":["api", "read_repository"], "expires_at":"2021-01-31", "access_level": 30 }' \
"https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"{
"scopes" : [
"api",
"read_repository"
],
"active" : true,
"name" : "test",
"revoked" : false,
"created_at" : "2021-01-21T19:35:37.921Z",
"user_id" : 166,
"id" : 58,
"expires_at" : "2021-01-31",
"token" : "D4y...Wzr",
"access_level": 30
}Rotate a group access token
- Introduced in GitLab 16.0
Prerequisites:
- You must have a personal access token with the
apiscope.
Rotate a group access token. Revokes the previous token and creates a new token that expires in one week.
In GitLab 16.6 and later, you can use the expires_at parameter to set a different expiry date. This non-default expiry date can be up to a maximum of one year from the rotation date.
POST /groups/:id/access_tokens/:token_id/rotate| Attribute | Type | required | Description |
|---|---|---|---|
id |
integer or string | yes | ID or URL-encoded path of the group |
token_id |
integer | yes | ID of the access token |
expires_at |
date | no | Expiration date of the access token in ISO format (YYYY-MM-DD). Introduced in GitLab 16.6. |
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>/rotate"Example response:
{
"id": 42,
"name": "Rotated Token",
"revoked": false,
"created_at": "2023-08-01T15:00:00.000Z",
"scopes": ["api"],
"user_id": 1337,
"last_used_at": null,
"active": true,
"expires_at": "2023-08-15",
"access_level": 30,
"token": "s3cr3t"
}Responses
-
200: OKif existing token is successfully revoked and the new token is created. -
400: Bad Requestif not rotated successfully. -
401: Unauthorizedif either the:- User does not have access to the token with the specified ID.
- Token with the specified ID does not exist.
-
404: Not Foundif the user is an administrator but the token with the specified ID does not exist.
Automatic reuse detection
Refer to automatic reuse detection for personal access tokens for more information.
Revoke a group access token
- Introduced in GitLab 14.7.
Revoke a group access token.
DELETE groups/:id/access_tokens/:token_id| Attribute | Type | required | Description |
|---|---|---|---|
id |
integer or string | yes | ID or URL-encoded path of the group |
token_id |
integer | yes | ID of the group access token |
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>"Responses
-
204: No Contentif successfully revoked. -
400 Bad Requestor404 Not Foundif not revoked successfully.