Skip to main content
GET
/
apps
/
{app_id}
/
auth
/
tokens
View API keys
curl --request GET \
  --url https://api.onesignal.com/apps/{app_id}/auth/tokens \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: <content-type>'
{
  "tokens": [
    {
      "token_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "name": "<string>",
      "ip_allowlist": [
        "<string>"
      ],
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z",
      "formatted_token": "<string>"
    }
  ]
}

Documentation Index

Fetch the complete documentation index at: https://documentation.onesignal.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

This API is helpful for auditing and managing the API keys (Rich Authentication Tokens) associated with an app. It returns metadata for each token, including:
  • Token name and ID
  • IP allow list mode and associated CIDR ranges (if any)
  • Creation and last updated timestamps
For background on different OneSignal API keys, see Keys & IDs.

How to use this API

Use your Organization API Key, to authenticate. This key is different from the standard REST API key.

Headers

Content-Type
string
default:application/json
required
Authorization
string
default:Key YOUR_ORGANIZATION_API_KEY
required

Your Organization API key with prefix Key . See Keys & IDs.

Path Parameters

app_id
string
default:YOUR_APP_ID
required

Your OneSignal App ID in UUID v4 format. See Keys & IDs.

Response

List of API key tokens for this app. The formatted_token field is never populated in this response — the secret is only shown immediately after create or rotate.

tokens
object[]

All API key tokens registered against this app (ordered by created_at).