Admin Token API: Revoke Cluster Agent Tokens

Proposal

The Admin Token API allows revoking about arbitrary tokens. It can be used in to identify what a token does, e.g. in the context of leaked tokens, and revoke it.

It currently lacks support to revoke Cluster agent tokens. See the current implementation status.

DELETE /api/v4/admin/token

{"token": "glagent-..."}

Should revoke the cluster agent token and return a 204.

Afterwards, retrieving the token should show the token is revoked:

{
  "id": 1,
  "name": "test-agent-token",
  "description": null,
  "agent_id": 2,
  "status": "revoked",
  "created_at": "2025-01-16T14:20:29.408Z",
  "created_by_user_id": null,
  "last_used_at": null
}

References

• &15777
• https://docs.gitlab.com/ee/api/admin/token.html