Get a Personal-Access-Token (PAT) by ID

Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.

Path Parameters

userId string required

Header Parameters

x-zitadel-orgid string

The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.

application/json

application/grpc

application/grpc-web+proto

Request Body required

query object

Object unspecific list filters like offset, limit and asc/desc.

offset uint64

limit int64

Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If the limit exceeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.

asc boolean

default is descending

Request Body required

query object

Object unspecific list filters like offset, limit and asc/desc.

offset uint64

limit int64

Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If the limit exceeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.

asc boolean

default is descending

Request Body required

query object

Object unspecific list filters like offset, limit and asc/desc.

offset uint64

limit int64

Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If the limit exceeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.

asc boolean

default is descending

Responses

• 200
• default

---

OK

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

details object

totalResult uint64

processedSequence uint64

viewTimestamp date-time

the last time the view got updated

result object[]
Array [
id string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
expirationDate date-time
the date the token will expire
scopes string[]
scopes granted to the token
]

{
  "details": {
    "totalResult": "2",
    "processedSequence": "267831",
    "viewTimestamp": "2024-03-27T06:43:21.306Z"
  },
  "result": [
    {
      "id": "69629023906488334",
      "details": {
        "sequence": "2",
        "creationDate": "2024-03-27T06:43:21.306Z",
        "changeDate": "2024-03-27T06:43:21.306Z",
        "resourceOwner": "69629023906488334"
      },
      "expirationDate": "3019-04-01T08:45:00.000000Z",
      "scopes": [
        "openid"
      ]
    }
  ]
}

Schema

Example (from schema)

---

Schema

details object

totalResult uint64

processedSequence uint64

viewTimestamp date-time

the last time the view got updated

result object[]
Array [
id string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
expirationDate date-time
the date the token will expire
scopes string[]
scopes granted to the token
]

{
  "details": {
    "totalResult": "2",
    "processedSequence": "267831",
    "viewTimestamp": "2024-03-27T06:43:21.307Z"
  },
  "result": [
    {
      "id": "69629023906488334",
      "details": {
        "sequence": "2",
        "creationDate": "2024-03-27T06:43:21.307Z",
        "changeDate": "2024-03-27T06:43:21.307Z",
        "resourceOwner": "69629023906488334"
      },
      "expirationDate": "3019-04-01T08:45:00.000000Z",
      "scopes": [
        "openid"
      ]
    }
  ]
}

Schema

Example (from schema)

---

Schema

details object

totalResult uint64

processedSequence uint64

viewTimestamp date-time

the last time the view got updated

result object[]
Array [
id string
details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
creationDate date-time
on read: the timestamp of the first event of the object
on create: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the
resourceOwner resource_owner is the organization an object belongs to
expirationDate date-time
the date the token will expire
scopes string[]
scopes granted to the token
]

{
  "details": {
    "totalResult": "2",
    "processedSequence": "267831",
    "viewTimestamp": "2024-03-27T06:43:21.307Z"
  },
  "result": [
    {
      "id": "69629023906488334",
      "details": {
        "sequence": "2",
        "creationDate": "2024-03-27T06:43:21.307Z",
        "changeDate": "2024-03-27T06:43:21.307Z",
        "resourceOwner": "69629023906488334"
      },
      "expirationDate": "3019-04-01T08:45:00.000000Z",
      "scopes": [
        "openid"
      ]
    }
  ]
}

An unexpected error response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /users/:userId/pats/_search

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL

https://$CUSTOM-DOMAIN/management/v1

Bearer Token

userId — path required

x-zitadel-orgid — header

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

Body required

{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

python / requests

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

go / native

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

nodejs / axios

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

ruby / Net::HTTP

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

csharp / RestSharp

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

php / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

java / OkHttp

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'

powershell / RestMethod

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/pats/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  }
}'