Skip to main content
GET
/
apps
/
{app_id}
/
auth
/
tokens
View API keys
curl --request GET \
  --url https://api.onesignal.com/apps/{app_id}/auth/tokens \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: <content-type>'
{
  "tokens": [
    {
      "token_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "name": "<string>",
      "ip_allowlist": [
        "<string>"
      ],
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z",
      "formatted_token": "<string>"
    }
  ]
}

Overview

This API is helpful for auditing and managing the API keys (Rich Authentication Tokens) associated with an app. It returns metadata for each token, including:
  • Token name and ID
  • IP allow list mode and associated CIDR ranges (if any)
  • Creation and last updated timestamps
For background on different OneSignal API keys, see Keys & IDs.

How to use this API

Use your Organization API Key, to authenticate. This key is different from the standard REST API key.

Headers

Content-Type
string
default:application/json
required
Authorization
string
default:Key YOUR_ORGANIZATION_API_KEY
required

Your Organization API key with prefix Key. See Keys & IDs.

Path Parameters

app_id
string
default:YOUR_APP_ID
required

Your OneSignal App ID in UUID v4 format. See Keys & IDs.

Response

List of API key tokens for this app. The formatted_token field is never populated in this response — the secret is only shown immediately after create or rotate.

tokens
object[]

All API key tokens registered against this app (ordered by created_at).