Share via

Personal Access Tokens - List

  • Reference
Service:
Token Admin
API Version:
7.1

Lists of all the session token details of the personal access tokens (PATs) for a particular user.

GET https://vssps.dev.azure.com/{organization}/_apis/tokenadmin/personalaccesstokens/{subjectDescriptor}?api-version=7.1
With optional parameters: 
GET https://vssps.dev.azure.com/{organization}/_apis/tokenadmin/personalaccesstokens/{subjectDescriptor}?pageSize={pageSize}&continuationToken={continuationToken}&isPublic={isPublic}&api-version=7.1

URI Parameters

Name In Required Type Description
organization
 path True

string

The name of the Azure DevOps organization.
subjectDescriptor
 path True

string

The descriptor of the target user.
api-version
 query True

string

Version of the API to use. This should be set to '7.1' to use this version of the api.
continuationToken
 query

string

An opaque data blob that allows the next page of data to resume immediately after where the previous page ended. The only reliable way to know if there is more data left is the presence of a continuation token.
isPublic
 query

boolean

Set to false for PAT tokens and true for SSH tokens.
pageSize
 query

integer

int32

The maximum number of results to return on each page.

Responses

Name Type Description
200 OK

TokenAdminPagedSessionTokens

An an array containing all the session token objects corresponding to the user's PATs.
400 Bad Request

The input is invalid, such as by containing an invalid subject descriptor, page size, or continuation token
401 Unauthorized

If the caller does not have permission to administrate tokens
404 Not Found

If the user with the given subject descriptor cannot be found.

Security

oauth2

Type: oauth2
Flow: accessCode
Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL: https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

Scopes

Name Description
vso.tokenadministration Grants the ability to manage (view and revoke) existing tokens to organization administrators

Examples

Sample request

GET https://vssps.dev.azure.com/fabrikam/_apis/tokenadmin/personalaccesstokens/{subjectDescriptor}?pageSize=20&api-version=7.1

Sample response

Status code:
200 
{
  "value": [
    {
      "clientId": "00000000-0000-0000-0000-000000000000",
      "accessId": "00000000-0000-0000-0000-000000000000",
      "authorizationId": "952858d3-7084-4635-964e-3c2a57645185",
      "hostAuthorizationId": "00000000-0000-0000-0000-000000000000",
      "userId": "bb5bb6c8-ef0a-400f-8987-92b3674d2043",
      "validFrom": "2018-07-19T00:00:00",
      "validTo": "2018-07-19T00:00:00",
      "displayName": null,
      "scope": "app_token",
      "targetAccounts": null,
      "token": null,
      "alternateToken": null,
      "isValid": true,
      "isPublic": false,
      "publicData": null,
      "source": null
    },
    {
      "clientId": "00000000-0000-0000-0000-000000000000",
      "accessId": "00000000-0000-0000-0000-000000000000",
      "authorizationId": "c2e0abd5-85a8-40b0-a179-88e98538ec7c",
      "hostAuthorizationId": "00000000-0000-0000-0000-000000000000",
      "userId": "bb5bb6c8-ef0a-400f-8987-92b3674d2043",
      "validFrom": "2018-07-19T00:00:00",
      "validTo": "2018-07-19T00:00:00",
      "displayName": null,
      "scope": "vso.dashboards vso.taskgroups_manage",
      "targetAccounts": null,
      "token": null,
      "alternateToken": null,
      "isValid": true,
      "isPublic": false,
      "publicData": null,
      "source": null
    },
    {
      "clientId": "00000000-0000-0000-0000-000000000000",
      "accessId": "00000000-0000-0000-0000-000000000000",
      "authorizationId": "e1bd9361-1120-4227-a258-da80545884b9",
      "hostAuthorizationId": "00000000-0000-0000-0000-000000000000",
      "userId": "bb5bb6c8-ef0a-400f-8987-92b3674d2043",
      "validFrom": "2018-07-19T00:00:00",
      "validTo": "2018-07-19T00:00:00",
      "displayName": null,
      "scope": "vso.graph_manage vso.identity_manage",
      "targetAccounts": null,
      "token": null,
      "alternateToken": null,
      "isValid": true,
      "isPublic": false,
      "publicData": null,
      "source": null
    }
  ],
  "continuationToken": null
}

Definitions

Name Description
SessionToken

Represents a session token used to access Azure DevOps resources
TokenAdminPagedSessionTokens

A paginated list of session tokens. Session tokens correspond to OAuth credentials such as personal access tokens (PATs) and other OAuth authorizations.

SessionToken

Represents a session token used to access Azure DevOps resources

Name Type Description
accessId

string

alternateToken

string

This is populated when user requests a compact token. The alternate token value is self describing token.
authorizationId

string

claims

object

clientId

string

displayName

string

hostAuthorizationId

string

isPublic

boolean

isValid

boolean

publicData

string

scope

string

source

string

targetAccounts

string[]

token

string

This is computed and not returned in Get queries
userId

string

validFrom

string

validTo

string

TokenAdminPagedSessionTokens

A paginated list of session tokens. Session tokens correspond to OAuth credentials such as personal access tokens (PATs) and other OAuth authorizations.

Name Type Description
continuationToken

string

The continuation token that can be used to retrieve the next page of session tokens, or null if there is no next page.
value

SessionToken[]

The list of all session tokens in the current page.