List a service account's API tokens
GET/organizations/:organization_id/users/:user_id/tokens
Lists the API tokens issued to a client-managed service account. The raw token value is NEVER returned here — only on creation. The target user must be client-managed; a human target returns 401.
Requires user:read (via the same management permission as token issuance), an enterprise organization, and at least the org-admin role.
Request
Responses
- 200
- 401
- 404
The service account's tokens (secrets omitted)
Caller lacks permission, or the target is not a client-managed user
Organization or user not found