Version: v1.0.0(int)

E006: List my API tokens

GET /api/user/api-tokens

Lists the caller's active (non-revoked) PATs. Response includes metadata and the display-safe tokenPrefix only — never plaintext or the hash.

Authentication

Authenticated route, no org membership required. Accepts either a Firebase ID token or a PAT.

Request

No body, no query parameters.

Response — 200 OK

{
  "data": [
    {
      "id": "uuid",
      "userId": "uuid",
      "orgId": "uuid | null",
      "name": "my-cli",
      "tokenPrefix": "pharus_pat_",
      "lastUsedAt": "2026-06-01T12:34:56.000Z",
      "expiresAt": null,
      "revokedAt": null,
      "createdAt": "2026-05-30T08:00:00.000Z"
    }
  ]
}

Errors

Status	Code	Trigger
401	`forbidden`	Missing or invalid bearer token.

Maps to

W006.

Authentication​

Request​

Response — 200 OK​

Errors​

Maps to​

Authentication

Request

Response — 200 OK

Errors

Maps to