List Tokens - OpenTrain AI

curl -sS https://app.opentrain.ai/api/public/v1/tokens \
  -H "Authorization: Bearer $OT_API_TOKEN"

{
  "tokens": [
    {
      "id": "<TOKEN_ID>",
      "name": "Hiring agent",
      "preview": "ot_pat_c3f9********bd21",
      "scopes": ["jobs:read", "jobs:write", "proposals:read"],
      "status": "active",
      "organizationId": null,
      "createdAt": "2026-06-12T10:00:00.000Z",
      "lastUsedAt": "2026-06-12T11:30:00.000Z",
      "expiresAt": null,
      "revokedAt": null
    },
    {
      "id": "<TOKEN_ID_2>",
      "name": "Old CI token",
      "preview": "ot_pat_91ab********77e2",
      "scopes": ["jobs:read"],
      "status": "revoked",
      "organizationId": null,
      "createdAt": "2026-05-27T18:30:46.565Z",
      "lastUsedAt": null,
      "expiresAt": null,
      "revokedAt": "2026-05-27T18:36:08.676Z"
    }
  ]
}

GET

api

public

tokens

curl -sS https://app.opentrain.ai/api/public/v1/tokens \
  -H "Authorization: Bearer $OT_API_TOKEN"

{
  "tokens": [
    {
      "id": "<TOKEN_ID>",
      "name": "Hiring agent",
      "preview": "ot_pat_c3f9********bd21",
      "scopes": ["jobs:read", "jobs:write", "proposals:read"],
      "status": "active",
      "organizationId": null,
      "createdAt": "2026-06-12T10:00:00.000Z",
      "lastUsedAt": "2026-06-12T11:30:00.000Z",
      "expiresAt": null,
      "revokedAt": null
    },
    {
      "id": "<TOKEN_ID_2>",
      "name": "Old CI token",
      "preview": "ot_pat_91ab********77e2",
      "scopes": ["jobs:read"],
      "status": "revoked",
      "organizationId": null,
      "createdAt": "2026-05-27T18:30:46.565Z",
      "lastUsedAt": null,
      "expiresAt": null,
      "revokedAt": "2026-05-27T18:36:08.676Z"
    }
  ]
}

Lists every personal API token on the account — active, expired, and revoked — with metadata only. Secrets are never returned after creation; the preview field shows just enough (prefix + last 4 characters) to match a token you hold against its record. Use this to audit what can access the account, find the id to pass to revoke, and check how close you are to the 25-active-token cap before creating more. Requirements: any valid token — token management needs no specific scope or feature flag, and works pre-claim.

Request

No parameters.

Response

tokens

object[]

Show token

string

Token ID — pass to DELETE /tokens/{tokenId}.

name

string

Human-readable label set at creation.

preview

string

Masked secret, e.g. ot_pat_c3f9********bd21 — prefix plus the last 4 characters.

scopes

string[]

The token’s scopes, sorted.

status

string

active, expired (past expiresAt), or revoked.

organizationId

string | null

The organization the token is bound to, when applicable.

createdAt

string

ISO creation timestamp.

lastUsedAt

string | null

Last time the token authenticated a request — null means never used.

expiresAt

string | null

When the token stops working; null means no expiry.

revokedAt

string | null

When the token was revoked; null unless revoked.

Errors

Status	`code`	Meaning
`401`	`UNAUTHORIZED`	Missing or invalid token

curl -sS https://app.opentrain.ai/api/public/v1/tokens \
  -H "Authorization: Bearer $OT_API_TOKEN"

{
  "tokens": [
    {
      "id": "<TOKEN_ID>",
      "name": "Hiring agent",
      "preview": "ot_pat_c3f9********bd21",
      "scopes": ["jobs:read", "jobs:write", "proposals:read"],
      "status": "active",
      "organizationId": null,
      "createdAt": "2026-06-12T10:00:00.000Z",
      "lastUsedAt": "2026-06-12T11:30:00.000Z",
      "expiresAt": null,
      "revokedAt": null
    },
    {
      "id": "<TOKEN_ID_2>",
      "name": "Old CI token",
      "preview": "ot_pat_91ab********77e2",
      "scopes": ["jobs:read"],
      "status": "revoked",
      "organizationId": null,
      "createdAt": "2026-05-27T18:30:46.565Z",
      "lastUsedAt": null,
      "expiresAt": null,
      "revokedAt": "2026-05-27T18:36:08.676Z"
    }
  ]
}

Invite Team Member

Create Token

⌘I

​Request

​Response

​Errors

Request

Response

Errors