1 files changed, 25 insertions, 1 deletions

diff --git a/lib/api/personal_access_tokens.rb b/lib/api/personal_access_tokens.rb
index 66930ecd797..9d234ca0593 100644
--- a/lib/api/personal_access_tokens.rb
+++ b/lib/api/personal_access_tokens.rb
@@ -4,7 +4,7 @@ module API
   class PersonalAccessTokens < ::API::Base
     include ::API::PaginationParams
 
-    feature_category :authentication_and_authorization
+    feature_category :system_access
 
     before do
       authenticate!
@@ -68,6 +68,30 @@ module API
         end
       end
 
+      desc 'Rotate personal access token' do
+        detail 'Roates a personal access token.'
+        success Entities::PersonalAccessTokenWithToken
+      end
+      post ':id/rotate' do
+        token = PersonalAccessToken.find_by_id(params[:id])
+
+        if Ability.allowed?(current_user, :manage_user_personal_access_token, token&.user)
+          response = ::PersonalAccessTokens::RotateService.new(current_user, token).execute
+
+          if response.success?
+            status :ok
+
+            new_token = response.payload[:personal_access_token]
+            present new_token, with: Entities::PersonalAccessTokenWithToken
+          else
+            bad_request!(response.message)
+          end
+        else
+          # Only admins should be informed if the token doesn't exist
+          current_user.can_admin_all_resources? ? not_found! : unauthorized!
+        end
+      end
+
       desc 'Revoke a personal access token' do
         detail 'Revoke a personal access token by using the ID of the personal access token.'
         success code: 204