diff options
Diffstat (limited to 'doc/api/personal_access_tokens.md')
-rw-r--r-- | doc/api/personal_access_tokens.md | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/doc/api/personal_access_tokens.md b/doc/api/personal_access_tokens.md index 717e995f510..691c094f9eb 100644 --- a/doc/api/personal_access_tokens.md +++ b/doc/api/personal_access_tokens.md @@ -177,7 +177,7 @@ curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/373999) in GitLab 15.5 -Get a single personal access token by using passing the token in a header. +Get a single personal access token and information about that token by passing the token in a header. ```plaintext GET /personal_access_tokens/self @@ -205,6 +205,36 @@ Example response: } ``` +## Rotate a personal access token + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0 + +Rotate a personal access token. Revokes the previous token and creates a new token that expires in one week. + +```plaintext +POST /personal_access_tokens/:id/rotate +``` + +| Attribute | Type | Required | Description | +|-----------|---------|----------|---------------------| +| `id` | integer/string | yes | ID of personal access token | + +NOTE: +Non-administrators can rotate their own tokens. Administrators can rotate tokens of any user. + +```shell +curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/<personal_access_token_id>/rotate" +``` + +### Responses + +- `200: OK` if the existing token is successfully revoked and the new token successfully created. +- `400: Bad Request` if not rotated successfully. +- `401: Unauthorized` if either the: + - User does not have access to the token with the specified ID. + - Token with the specified ID does not exist. +- `404: Not Found` if the user is an administrator but the token with the specified ID does not exist. + ## Revoke a personal access token Revoke a personal access token by either: |