1 files changed, 118 insertions, 11 deletions
diff --git a/doc/api/personal_access_tokens.md b/doc/api/personal_access_tokens.md
index 849b5c75684..717e995f510 100644
--- a/doc/api/personal_access_tokens.md
+++ b/doc/api/personal_access_tokens.md
@@ -1,7 +1,7 @@
 ---
 stage: Govern
 group: Compliance
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Personal access tokens API **(FREE)**
@@ -12,24 +12,56 @@ You can read more about [personal access tokens](../user/profile/personal_access
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227264) in GitLab 13.3.
 > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/270200) from GitLab Ultimate to GitLab Free in 13.6.
+> - `created_after`, `created_before`, `last_used_after`, `last_used_before`, `revoked`, `search` and `state` filters were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/362248) in GitLab 15.5.
 
-Get a list of personal access tokens.
+Get all personal access tokens the authenticated user has access to. By default, returns an unfiltered list of:
+
+- Only personal access tokens created by the current user to a non-administrator.
+- All personal access tokens to an administrator.
+
+Administrators:
+
+- Can use the `user_id` parameter to filter by a user.
+- Can use other filters on all personal access tokens (GitLab 15.5 and later).
+
+Non-administrators:
+
+- Cannot use the `user_id` parameter to filter on any user except themselves, otherwise they receive a `401 Unauthorized` response.
+- Can only filter on their own personal access tokens (GitLab 15.5 and later).
 
 ```plaintext
 GET /personal_access_tokens
+GET /personal_access_tokens?created_after=2022-01-01T00:00:00
+GET /personal_access_tokens?created_before=2022-01-01T00:00:00
+GET /personal_access_tokens?last_used_after=2022-01-01T00:00:00
+GET /personal_access_tokens?last_used_before=2022-01-01T00:00:00
+GET /personal_access_tokens?revoked=true
+GET /personal_access_tokens?search=name
+GET /personal_access_tokens?state=inactive
+GET /personal_access_tokens?user_id=1
 ```
 
-| Attribute | Type    | required | Description         |
-|-----------|---------|----------|---------------------|
-| `user_id` | integer/string | no | The ID of the user to filter by |
+Supported attributes:
 
-NOTE:
-Administrators can use the `user_id` parameter to filter by a user. Non-administrators cannot filter by any user except themselves. Attempting to do so will result in a `401 Unauthorized` response.
+| Attribute           | Type           | Required | Description         |
+|---------------------|----------------|----------|---------------------|
+| `created_after`     | datetime (ISO 8601) | **{dotted-circle}** No | Limit results to PATs created after specified time. |
+| `created_before`    | datetime (ISO 8601) | **{dotted-circle}** No | Limit results to PATs created before specified time. |
+| `last_used_after`   | datetime (ISO 8601) | **{dotted-circle}** No | Limit results to PATs last used after specified time. |
+| `last_used_before`  | datetime (ISO 8601) | **{dotted-circle}** No | Limit results to PATs last used before specified time. |
+| `revoked`           | boolean             | **{dotted-circle}** No | Limit results to PATs with specified revoked state. Valid values are `true` and `false`. |
+| `search`            | string              | **{dotted-circle}** No | Limit results to PATs with name containing search string. |
+| `state`             | string              | **{dotted-circle}** No | Limit results to PATs with specified state. Valid values are `active` and `inactive`. |
+| `user_id`           | integer or string   | **{dotted-circle}** No | Limit results to PATs owned by specified user. |
+
+Example request:
 
 ```shell
 curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens"
 ```
 
+Example response:
+
 ```json
 [
     {
@@ -48,10 +80,14 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/a
 ]
 ```
 
+Example request:
+
 ```shell
 curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens?user_id=3"
 ```
 
+Example response:
+
 ```json
 [
     {
@@ -70,7 +106,46 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/a
 ]
 ```
 
-## Get single personal access token by ID
+Example request:
+
+```shell
+curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens?revoked=true"
+```
+
+Example response:
+
+```json
+[
+    {
+        "id": 41,
+        "name": "Revoked Test Token",
+        "revoked": true,
+        "created_at": "2022-01-01T14:31:47.729Z",
+        "scopes": [
+            "api"
+        ],
+        "user_id": 8,
+        "last_used_at": "2022-05-18T17:58:37.550Z",
+        "active": false,
+        "expires_at": null
+    }
+]
+```
+
+You can filter by merged attributes with:
+
+```plaintext
+GET /personal_access_tokens?revoked=true&created_before=2022-01-01
+```
+
+## Get single personal access token
+
+Get a personal access token by either:
+
+- Using the ID of the personal access token.
+- Passing it to the API in a header.
+
+### Using a personal access token ID
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/362239) in GitLab 15.1.
 
@@ -81,7 +156,7 @@ Administrators can get any token.
 GET /personal_access_tokens/:id
 ```
 
-| Attribute | Type    | required | Description         |
+| Attribute | Type    | Required | Description         |
 |-----------|---------|----------|---------------------|
 | `id` | integer/string | yes | ID of personal access token |
 
@@ -89,7 +164,7 @@ GET /personal_access_tokens/:id
 curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/<id>"
 ```
 
-### Responses
+#### Responses
 
 > `404` HTTP status code [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93650) in GitLab 15.3.
 
@@ -98,6 +173,38 @@ curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab
   - The token with the specified ID doesn't exist.
 - `404: Not Found` if the user is an administrator but the token with the specified ID doesn't exist.
 
+### Using a request header
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/373999) in GitLab 15.5
+
+Get a single personal access token by using passing the token in a header.
+
+```plaintext
+GET /personal_access_tokens/self
+```
+
+```shell
+curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/self"
+```
+
+Example response:
+
+```json
+{
+    "id": 4,
+    "name": "Test Token",
+    "revoked": false,
+    "created_at": "2020-07-23T14:31:47.729Z",
+    "scopes": [
+        "api"
+    ],
+    "user_id": 3,
+    "last_used_at": "2021-10-06T17:58:37.550Z",
+    "active": true,
+    "expires_at": null
+}
+```
+
 ## Revoke a personal access token
 
 Revoke a personal access token by either:
@@ -116,7 +223,7 @@ Revoke a personal access token using its ID.
 DELETE /personal_access_tokens/:id
 ```
 
-| Attribute | Type    | required | Description         |
+| Attribute | Type    | Required | Description         |
 |-----------|---------|----------|---------------------|
 | `id` | integer/string | yes | ID of personal access token |