List Token Information
Overview
This endpoint retrieves a paginated list of all OAuth tokens issued for the entity. It includes metadata such as roles, scopes, expiration times, and creation dates. This is useful for auditing, monitoring active sessions, and managing token lifecycle.
Endpoint Details
Definition | Description |
---|---|
Endpoint | https://bre-b-sandbox.api.visionamos.passportfintech.com/v1/iam/oauth/tokens |
Method | GET |
Headers | Accept-Language, Content-Length, Content-Type: application/json, Authorization |
Authentication | Access Token (Bearer Token) |
Request Body
This endpoint does not require a request body.
Example Request
curl --location 'https://bre-b-develop.api.visionamos.passportfintech.com/v1/iam/oauth/tokens' \
--header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>'
Response
- HTTP Status Code 200 OK.
Example of Response
{
"pagination_info": { },
"tokens": [ ]
}
Common Errors and Handling
HTTP Status Code | Meaning | Description |
---|---|---|
400 | Bad Request | Invalid query parameters or malformed request |
401 | Unauthorized | Bearer token missing, expired, or does not include iam.oauth.tokens.list.get scope |
403 | Forbidden | Authenticated user lacks permission to view token list |
500 | Internal Server Error | Unexpected error. Retry or contact support if issue persists |
Best Practices
- Use the pagination_info object to iterate through all pages when retrieving tokens.
- Regularly audit active tokens to ensure compliance with security policies.
- Immediately revoke compromised or unused tokens using the Revoke Token endpoint.
- Never expose raw tokens in logs or client-side applications.
- Use roles and scopes to enforce least-privilege access models.
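The audit described in the best practices above can be sketched as follows. This is an added example, not code from the API provider: it checks already-fetched pages for expired, long-lived, or over-scoped tokens and reports each one by a hash fingerprint instead of its raw value. The token field names, the 30-day lifetime limit, and the sample data are assumptions, since the page does not show the token schema.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Assumed field names: the page does not show the token schema, so
# "token", "scopes", "created_at" and "expires_at" are hypothetical.
MAX_LIFETIME = timedelta(days=30)  # assumed policy threshold

def fingerprint(raw_token):
    """Log-safe identifier: truncated SHA-256, never the raw value."""
    return "sha256:" + hashlib.sha256(raw_token.encode()).hexdigest()[:12]

def audit_pages(pages, allowed_scopes, now):
    """Walk every page of list responses; return findings per flagged token."""
    findings = []
    for page in pages:
        for tok in page.get("tokens", []):
            created = datetime.fromisoformat(tok["created_at"])
            expires = datetime.fromisoformat(tok["expires_at"])
            issues = []
            if expires <= now:
                issues.append("expired")
            if expires - created > MAX_LIFETIME:
                issues.append("lifetime exceeds policy")
            extra = sorted(set(tok.get("scopes", [])) - allowed_scopes)
            if extra:
                issues.append("scopes outside allow-list: " + ", ".join(extra))
            if issues:
                findings.append({"token": fingerprint(tok["token"]), "issues": issues})
    return findings

# Constructed sample pages (not real API output); "example.admin.all" is made up.
SAMPLE_PAGES = [
    {"pagination_info": {}, "tokens": [
        {"token": "constructed-token-ok", "scopes": ["iam.oauth.tokens.list.get"],
         "created_at": "2024-05-20T00:00:00+00:00", "expires_at": "2024-06-15T00:00:00+00:00"},
        {"token": "constructed-token-aaa", "scopes": ["iam.oauth.tokens.list.get"],
         "created_at": "2024-01-01T00:00:00+00:00", "expires_at": "2024-01-02T00:00:00+00:00"}]},
    {"pagination_info": {}, "tokens": [
        {"token": "constructed-token-bbb",
         "scopes": ["iam.oauth.tokens.list.get", "example.admin.all"],
         "created_at": "2024-01-01T00:00:00+00:00", "expires_at": "2025-01-01T00:00:00+00:00"}]},
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for f in audit_pages(SAMPLE_PAGES, {"iam.oauth.tokens.list.get"}, NOW):
        print(f["token"], "; ".join(f["issues"]))
```

Tokens flagged as expired or unused are candidates for the Revoke Token endpoint mentioned above.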