Personal Access Token API: `GET /personal_access_tokens` - to display last usage info

Release notes

Currently, the API method GET /personal_access_tokens doesn't show last usage info of a PAT. On the other hand, the last usage info is available in the PAT UI.

Our customers could benefit from the availability of the last_usage info in our API response, when setting up automation in audit processes.

Problem to solve

PAT's last usage info is not displayed in the response of API call GET /personal_access_tokens.

Intended users

Administrators of any GitLab instance.

User experience goal

If the last_usage info becomes available through our API, it would be possible to manipulate (e.g. not-recently-used) PATs in a programmatic way.

Proposal

Current API response:

[
    {
        "id": 4,
        "name": "Test Token",
        "revoked": false,
        "created_at": "2020-07-23T14:31:47.729Z",
        "scopes": [
            "api"
        ],
        "active": true,
        "user_id": 24,
        "expires_at": null
    }
]

should be extended by (e.g.)

        "last_used_at": "2020-08-23T14:31:47.729Z",

Further details

Permissions and Security

Admins can see the "last_used_at" info of all the PATs. Regular user should be able to see "last_used_at" info of its own PATs only.

Documentation

Availability & Testing

Available Tier

• Free

What does success look like, and how can we measure that?

Introducing "last_used_at" in the API response would contribute to better user/admin experience, where further automation can be introduced on customers/admins side.

What is the type of buyer?

Is this a cross-stage feature?

Nope, this change should only affect the API.

Links / references

Personal Access Token API

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.