# Search for non-expired access tokens Get a list of all non-expired access tokens that match specified search criteria. You must specify at least one of the following search criteria. If you pass multiple parameters as search criteria, the API returns non-expired tokens that match all parameters. - tokenName—Search by token name. Use an asterisk (*) as placeholder for partial searches. - tokenType—Either NORMAL or IMPERSONATED. If not specified, all token types will be returned. - username—The email address of the user for whom the token was created. - tokenCreator—The email address of the user who created the token on another user's behalf. For NORMAL tokens, username and tokenCreator must be the same. For IMPERSONATED tokens, the user firing this query must have the Create Impersonated Token permission and a Manage Users permission. - expiresBefore—Specify to filter for tokens that expire before a specified interval. Can be used in conjunction with the expiresLaterThan parameter to filter for a given time range. In that case, expiresBefore must be greater than expiresLaterThan. - expiresLaterThan—Specify to filter for tokens that expire after a specified interval. Can be used in conjunction with the expiresBefore parameter to filter for a given time range. In that case, expiresLaterThan must be less than expiresBefore. - issuedBefore—Specify to filter for tokens that were issued before a specified interval. If you do not have permission to view a given token, its details are returned as masked entries. The format for expiresBefore, expiresLaterThan and issuedBefore is y M d h *m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and * representing any number. In addition to the search criteria above you must also specify the following parameters: - page—The number of the page to be returned (zero based). - pageSize—The number of records returned per page. Endpoint: POST /uar/v1/tokens/search Version: 2024.09 ## Request fields (application/json): - `tokenCreator` (string) The email address of the user who created tokens on another user's behalf (case sensitive). - `expiresBefore` (string) Gets tokens that expire before a specified interval. If used in conjunction with expiresLaterThan, must be greater than expiresLaterThan. Use the format 5y 6M 4d 3h 5m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive). - `expiresLaterThan` (string) Gets tokens that expire after a specified interval. If used in conjunction with expiresBefore, must be less than expiresBefore. Use the format 5y 6M 4d 3h 5m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive). - `issuedBefore` (string) Gets tokens that were issued before a specified interval. Use the format 5y 6M 4d 3h 5m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive). - `page` (integer, required) The number of the page to be returned (zero based). - `pageSize` (integer, required) The number of records returned per page. - `tokenName` (string) The name of the token. Use an asterisk (*) as placeholder for partial searches. - `tokenType` (string) Type of the token. Enum: "NORMAL", "IMPERSONATED" - `username` (string) The email address of the user for whom the token was created (case sensitive). ## Response 200 fields (application/json): - `responseObject` (object) - `responseObject.pageNumber` (integer) - `responseObject.pageSize` (integer) - `responseObject.response` (array) - `responseObject.response.expiryStr` (string, required) Lifetime of the token as specified when the token was created. Format: y M d h m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and representing any number. - `responseObject.response.tokenDescription` (string) Mandatory for IMPERSONATED tokens; optional for NORMAL tokens. For IMPERSONATED tokens, this field should capture the impersonation reason. - `responseObject.response.tokenExpiryMillis` (integer) The date and time when the token expires in milliseconds since 1970-01-01 00:00 (Epoch time). - `responseObject.response.tokenIssueMillis` (integer) The date and time when the token was issued in milliseconds since 1970-01-01 00:00 (Epoch time). - `responseObject.response.tokenName` (string, required) The name of the token that was verified. - `responseObject.response.tokenCreator` (string) The email address of the user who created the token. For NORMAL tokens, the email address for tokenCreator is the same as that for username. For IMPERSONATED tokens, the email addresses usually differ. - `responseObject.response.tokenType` (string, required) The type of token that was verified. Enum: "NORMAL", "IMPERSONATED" - `responseObject.response.username` (string, required) The user for whom the token was created. Usually this is specified as an email address. For NORMAL tokens, the email address for tokenCreator is the same as that for username. - `responseObject.totalResults` (integer) - `statusMessage` (string) The status message related to this API request.