> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turso.tech/llms.txt
> Use this file to discover all available pages before exploring further.
# List Organization API Tokens
> Returns the API tokens scoped to this organization (both organization-scoped and group-scoped). Unrestricted tokens are not returned here — manage those via [`GET /v1/auth/api-tokens`](/api-reference/tokens/list).
Authorization is symmetric with the revoke endpoint:
- **Admins and owners** see every token scoped to the organization, with the minting user attached in the `owner` field.
- **Members and viewers** see only tokens they minted themselves.
This mirrors the personal-access-token model used in GitHub organization settings: admins get the full attribution list; everyone else sees their own access.
Use this endpoint to enumerate the tokens that act on a single organization (both org-scoped and group-scoped). Admins and owners see every token in the organization with the minting user attached; members and viewers see only their own. To list tokens across every organization the caller belongs to, use [`GET /v1/auth/api-tokens`](/api-reference/tokens/list) instead.
```bash cURL theme={null}
curl -L 'https://api.turso.tech/v1/organizations/{organizationSlug}/api-tokens' \
-H 'Authorization: Bearer TOKEN'
```
## OpenAPI
````yaml GET /v1/organizations/{organizationSlug}/api-tokens
openapi: 3.0.1
info:
title: Turso Platform API
description: API description here
license:
name: MIT
version: 0.1.0
servers:
- url: https://api.turso.tech
description: Turso's Platform API
security: []
paths:
/v1/organizations/{organizationSlug}/api-tokens:
get:
summary: List Organization API Tokens
description: >-
Returns the API tokens scoped to this organization (both
organization-scoped and group-scoped). Unrestricted tokens are not
returned here — manage those via [`GET
/v1/auth/api-tokens`](/api-reference/tokens/list).
Authorization is symmetric with the revoke endpoint:
- **Admins and owners** see every token scoped to the organization, with
the minting user attached in the `owner` field.
- **Members and viewers** see only tokens they minted themselves.
This mirrors the personal-access-token model used in GitHub organization
settings: admins get the full attribution list; everyone else sees their
own access.
operationId: listOrganizationAPITokens
parameters:
- $ref: '#/components/parameters/organizationSlug'
responses:
'200':
description: Successful response
content:
application/json:
schema:
type: object
properties:
tokens:
type: array
items:
type: object
properties:
name:
type: string
description: The token name.
example: ci-bot
id:
type: string
description: The token ID. Pass this to the revoke endpoint.
example: clGFZ4STEe6fljpFzIum8A
organization:
type: string
description: >-
The organization slug. Always equal to the path
parameter for tokens returned here.
example: my-org
group:
type: string
description: >-
The group name. Present only for group-scoped
tokens.
example: default
scopes:
type: array
items:
type: string
description: >-
The expanded scope list. Present only for
group-scoped tokens.
example:
- db:create
- db:configure
- db:mint-token
owner:
type: object
properties:
username:
type: string
example: alice
email:
type: string
example: alice@example.com
description: >-
The user who minted the token. Returned to admins
and owners so they can see who provisioned each
token.
created_at:
type: string
description: The date the token was created.
example: '2026-05-21'
components:
parameters:
organizationSlug:
in: path
name: organizationSlug
required: true
schema:
type: string
description: The slug of the organization or user account.
````