List Prometheus scrape tokens
GET /api/integrations/prometheus-tokens
Lists all non-revoked Prometheus scrape tokens with their metadata. The raw token value is NEVER returned — only id, name, created_at, last_used_at, last_used_ip, expires_at, revoked_at. Use this endpoint for operator dashboards and audit review.
Admin role required (D-24).
Authorizations
Section titled “Authorizations ”Responses
Section titled “ Responses ”Token metadata array.
Array of scrape token metadata. Raw token values are never exposed.
object
One element per non-revoked token, newest first.
Scrape token metadata. No cleartext token, no hash.
object
Token row id.
Operator-facing label.
When the token was minted.
When the token was last successfully used to scrape. Field is omitted (or empty zero-time) when the token has never been used.
Source IP from the most recent successful scrape, or empty if never used.
Token expiry. Field is omitted (or empty zero-time) when the token has no expiry.
When the token was revoked. Field is omitted (or empty zero-time) when the token is still active.
Authentication is required or the supplied token is invalid.
Standardised error envelope per RFC 7807. Many existing endpoints still
return an older shape (e.g. {"error": "..."}). This schema documents the
target shape; legacy endpoints will be migrated in Phase 70. Per D-21 the
spec describes current behaviour without enforcing the migration here.
object
A URI reference that identifies the problem type.
A short human-readable summary of the problem.
The HTTP status code generated by the origin server.
A human-readable explanation specific to this occurrence.
A URI reference that identifies the specific occurrence.
Legacy error message field. Will be removed once handlers are migrated.
Legacy per-field error details. Will be removed once handlers are migrated.
object
The request id middleware-assigned identifier for tracing.
Forbidden — admin role required.
Standardised error envelope per RFC 7807. Many existing endpoints still
return an older shape (e.g. {"error": "..."}). This schema documents the
target shape; legacy endpoints will be migrated in Phase 70. Per D-21 the
spec describes current behaviour without enforcing the migration here.
object
A URI reference that identifies the problem type.
A short human-readable summary of the problem.
The HTTP status code generated by the origin server.
A human-readable explanation specific to this occurrence.
A URI reference that identifies the specific occurrence.
Legacy error message field. Will be removed once handlers are migrated.
Legacy per-field error details. Will be removed once handlers are migrated.
object
The request id middleware-assigned identifier for tracing.
Internal server error
Standardised error envelope per RFC 7807. Many existing endpoints still
return an older shape (e.g. {"error": "..."}). This schema documents the
target shape; legacy endpoints will be migrated in Phase 70. Per D-21 the
spec describes current behaviour without enforcing the migration here.
object
A URI reference that identifies the problem type.
A short human-readable summary of the problem.
The HTTP status code generated by the origin server.
A human-readable explanation specific to this occurrence.
A URI reference that identifies the specific occurrence.
Legacy error message field. Will be removed once handlers are migrated.
Legacy per-field error details. Will be removed once handlers are migrated.
object
The request id middleware-assigned identifier for tracing.