Admin Token API: Identify Incoming Mail Tokens

Proposal

The Admin Token API allows getting information about arbitrary tokens. It can be used in to identify what a token does, e.g. in the context of leaked tokens.

It currently lacks support for Incoming mail tokens for identification, as well as revocation. See the current implementation status.

POST /api/v4/admin/token

Should return information about the user that the incoming mail token is associated with:

{
	"id": 68,
	"username": "reported_user_22",
	"name": "Diann Turcotte",
	"state": "active",
	...
	"work_information": null,
	"followers": 0,
	"following": 0,
	"is_followed": false,
	"local_time": null
}

References

&15777
https://docs.gitlab.com/ee/api/admin/token.html

Edited Jan 08, 2025 by Nicholas Wittstruck