Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 3
Message 1 of 2

API for determining Personal Access Token scopes?

Solved! Go to Solution.

Is there a way to retrieve the current scopes for a Personal Access Token (PAT)?


Use Case:

As an organization owner, I want to know the scopes currently granted to a PAT for a member of my organization that has been leaked.




1 Reply
Copilot Lvl 3
Message 2 of 2

Re: API for determining Personal Access Token scopes?

Got the answer from Ivan support:


If it hadn't been revoked, you could have figured our which scopes it has by making any API call with that token ( and then looking at the X-OAuth-Scopes response header. That header tells you which scopes the token has.


I've spent so much time staring at JSON that I forgot about the HTTP headers. /o\

Thanks, Ivan!