Access tokens

The access tokens API allows you to list, create, modify, and delete access tokens programmatically.

When using access tokens to manage access tokens, the following restrictions apply:

  • Personal tokens can see all service tokens and other personal tokens created by the same team member. If the personal token has the "Admin" role, it may also see other member's personal tokens. To learn more, read Personal tokens.
  • Service tokens can see all service tokens. If the token has the "Admin" role, it may also see all personal tokens. To learn more, read Service tokens.
  • Tokens can only manage other tokens, including themselves, if they have "Admin" role or explicit permission via a custom role. To learn more, read Personal access token actions.

To learn more about access tokens, read API access tokens.

List access tokens

Fetch a list of all access tokens.

Request
Security:
ApiKey (readwrite)
query Parameters
showAll
boolean <boolean>

If set to true, and the authentication access token has the 'Admin' role, personal access tokens for all members will be retrieved.

Responses
200

Access token response JSON

401

Invalid access token

403

Forbidden

429

Rate limited

get/api/v2/tokens
Request samples
curl -i -X GET \
  https://app.launchdarkly.com/api/v2/tokens \
  -H 'Authorization: YOUR_API_KEY_HERE'
Response samples
application/json
{
  • "items": [
    ],
  • "_links": {
    }
}

Create access token

Create a new access token.

Request
Security:
ApiKey (readwrite)
Request Body schema: application/json
name
string

A human-friendly name for the access token

description
string

A description for the access token

role
string

Built-in role for the token

Enum: "reader" "writer" "admin"
customRoleIds
Array of strings

A list of custom role IDs to use as access limits for the access token

Array of objects (StatementPost)

A JSON array of statements represented as JSON objects with three attributes: effect, resources, actions. May be used in place of a built-in or custom role.

serviceToken
defaultApiVersion
integer

The default API version for this token

Responses
201

Access token response JSON

400

Invalid request

401

Invalid access token

403

Forbidden

429

Rate limited

post/api/v2/tokens
Request samples
application/json
{
  • "role": "reader"
}
Response samples
application/json
{
  • "_id": "string",
  • "ownerId": "string",
  • "memberId": "string",
  • "_member": {
    },
  • "name": "string",
  • "description": "string",
  • "creationDate": 0,
  • "lastModified": 0,
  • "customRoleIds": [
    ],
  • "inlineRole": [
    ],
  • "role": "reader",
  • "token": "api-deadbeef-dead-beef-dead-beefdeadbeef",
  • "serviceToken": true,
  • "_links": {
    },
  • "defaultApiVersion": 0,
  • "lastUsed": 0
}

Get access token

Get a single access token by ID.

Request
Security:
ApiKey (readwrite)
path Parameters
id
required
string <string>

The ID of the access token

Responses
200

Access token response JSON

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

get/api/v2/tokens/{id}
Request samples
curl -i -X GET \
  https://app.launchdarkly.com/api/v2/tokens/:id \
  -H 'Authorization: YOUR_API_KEY_HERE'
Response samples
application/json
{
  • "_id": "string",
  • "ownerId": "string",
  • "memberId": "string",
  • "_member": {
    },
  • "name": "string",
  • "description": "string",
  • "creationDate": 0,
  • "lastModified": 0,
  • "customRoleIds": [
    ],
  • "inlineRole": [
    ],
  • "role": "reader",
  • "token": "api-deadbeef-dead-beef-dead-beefdeadbeef",
  • "serviceToken": true,
  • "_links": {
    },
  • "defaultApiVersion": 0,
  • "lastUsed": 0
}

Patch access token

Update an access token's settings. The request should be a valid JSON Patch document describing the changes to be made to the access token.

Request
Security:
ApiKey (readwrite)
path Parameters
id
required
string <string>

The ID of the access token to update

Request Body schema: application/json
Array
op
required
string

The type of operation to perform

path
required
string

A JSON Pointer string specifying the part of the document to operate on

value
required
any

A JSON value used in "add", "replace", and "test" operations

Responses
200

Access token response JSON

400

Invalid request

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

409

Status conflict

422

Invalid patch content

429

Rate limited

patch/api/v2/tokens/{id}
Request samples
application/json
[
  • {
    }
]
Response samples
application/json
{
  • "_id": "string",
  • "ownerId": "string",
  • "memberId": "string",
  • "_member": {
    },
  • "name": "string",
  • "description": "string",
  • "creationDate": 0,
  • "lastModified": 0,
  • "customRoleIds": [
    ],
  • "inlineRole": [
    ],
  • "role": "reader",
  • "token": "api-deadbeef-dead-beef-dead-beefdeadbeef",
  • "serviceToken": true,
  • "_links": {
    },
  • "defaultApiVersion": 0,
  • "lastUsed": 0
}

Delete access token

Delete an access token by ID.

Request
Security:
ApiKey (readwrite)
path Parameters
id
required
string <string>

The ID of the access token to update

Responses
204

Action succeeded

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

delete/api/v2/tokens/{id}
Request samples
curl -i -X DELETE \
  https://app.launchdarkly.com/api/v2/tokens/:id \
  -H 'Authorization: YOUR_API_KEY_HERE'
Response samples
application/json
{
  • "code": "unauthorized",
  • "message": "invalid key"
}

Reset access token

Reset an access token's secret key with an optional expiry time for the old key.

Request
Security:
ApiKey (readwrite)
path Parameters
id
required
string <string>

The ID of the access token to update

query Parameters
expiry
integer <int64>

An expiration time for the old token key, expressed as a Unix epoch time in milliseconds. By default, the token will expire immediately.

Responses
200

Access token response JSON

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

post/api/v2/tokens/{id}/reset
Request samples
curl -i -X POST \
  https://app.launchdarkly.com/api/v2/tokens/:id/reset \
  -H 'Authorization: YOUR_API_KEY_HERE'
Response samples
application/json
{
  • "_id": "string",
  • "ownerId": "string",
  • "memberId": "string",
  • "_member": {
    },
  • "name": "string",
  • "description": "string",
  • "creationDate": 0,
  • "lastModified": 0,
  • "customRoleIds": [
    ],
  • "inlineRole": [
    ],
  • "role": "reader",
  • "token": "api-deadbeef-dead-beef-dead-beefdeadbeef",
  • "serviceToken": true,
  • "_links": {
    },
  • "defaultApiVersion": 0,
  • "lastUsed": 0
}