tokens()

API Stability Long-Term

The tokens() GraphQL query returns paginated search results for tokens.

Related to this query field is the token() query. There are also several mutation fields: createPersonalUserTokenV2(), createReadonlyToken(), createSystemPermissionsTokenV2(), and createViewPermissionsTokenV2() for creating tokens; deleteToken() and deleteReadonlyToken() for deleting them; and rotateToken() for rotating a token.

For more information on access tokens of various types, see the Tokens in LogScale page in the main documentation.

Syntax

graphql
tokens(
     searchFilter: string
     typeFilter: [Tokens__Type]
     parentEntityIdFilter: [string]
     sortBy: Tokens__SortBy!
     orderBy: OrderBy
     skip: integer
     limit: integer
   ): TokenQueryResultSet!

This query field has several inputs, but not all required — as indicated by the exclamation marks. Use searchFilter to provide a string on which to base search results and typeFilter to limit search to particular types of tokens. For the parentEntityIdFilter, give ID of the parent entitle for further filtering of results. See the Given Datatypes for more details.

For ordering results alphanumerically, use orderBy to indicate whether to put them in ascending or descending order. You can opt to skip the first so many results with the skip parameter — it's default value is 0. Use the limit parameter to limit the number of results returned — its default is 50.

For the results, you can get the total results found, the name of each token, when each was created and when it will expire. To see your choices, scroll down to the Returned Datatype section.

Example

Below is an example of how this query field might be used:

Raw
graphql
query {
  tokens(sortBy: Name, orderBy: ASC)
        { totalResults, 
          results{name, expireAt} }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  tokens(sortBy: Name, orderBy: ASC)
        { totalResults, 
          results{name, expireAt} }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  tokens(sortBy: Name, orderBy: ASC)
        { totalResults, 
          results{name, expireAt} }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  tokens(sortBy: Name, orderBy: ASC) ^
        { totalResults,  ^
          results{name, expireAt} } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  tokens(sortBy: Name, orderBy: ASC)
        { totalResults, 
          results{name, expireAt} }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  tokens(sortBy: Name, orderBy: ASC)
        { totalResults, 
          results{name, expireAt} }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  tokens(sortBy: Name, orderBy: ASC)
        { totalResults, 
          results{name, expireAt} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  tokens(sortBy: Name, orderBy: ASC)
        { totalResults, 
          results{name, expireAt} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "tokens": {
      "totalResults": 7,
      "results": [
        {
          "name": "Cluster Management",
          "createdAt": 1729603406707,
          "expireAt": null
        },
        {
          "name": "jenkinsAuto",
          "createdAt": 1729830704004,
          "expireAt": null
        },
        {
          "name": "Tester",
          "createdAt": 1730394131348,
          "expireAt": 1731258131010
        }
      ]
    }
  }
}

Given Datatypes

There are a few given datatypes for this query. One allows you to sort by the type of token (e.g., view permissions). The choices for this are listed in the table here:

Table: Tokens__Type

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: May 9, 2025
OrganizationManagementPermissionToken   Long-TermThe token is used for organization management access.
OrganizationPermissionToken   Long-TermThe token is an organization permission token.
SystemPermissionToken   Long-TermThe token is for system permission access.
ViewPermissionToken   Long-TermThe token is a view permission token.

The second given datatype is used to sort results by basic factors (e.g., token name). The choices for this are listed in the table below:

Table: Tokens__SortBy

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: May 9, 2025
ExpirationDate   Long-TermSort tokens by expiration date.
Name   Long-TermSort tokens by name.

The other input datatype is simple. You can return results based on whether they are alphanumerically in ascending or descending order.

Table: OrderBy

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Oct 10, 2025
ASC  Long-TermOrder results in ascending order (e.g., 0 to 9, A to Z).
DESC   Long-TermOrder results in descending order (e.g., 9 to 0, Z to A).

Returned Datatype

With the returned datatype, you can get the total results found, the name of each token, when each was created and when it will expire. Below is a list of parameters and links to sub-parameters:

Table: TokenQueryResultSet

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Oct 3, 2024
results[Token]yes Long-TermThe paginated results set. See Token.
totalResultsintegeryes Long-TermThe total number of matching results.