Jump to >

This documentation covers the in-development release of Review Board. You can see the latest stable docs or all previous versions.

OAuth2 Tokens List Resource

Added in 3.0

An API resource for managing OAuth2 tokens.

This resource allows callers to list, update, or delete their existing tokens.


Using this resource requires extra features to be enabled on the server. See “Required Features” below.


Name oauth_tokens
URI /api/oauth-tokens/
Required Features
  • oauth.service
Token Policy ID oauth_token
HTTP Methods
  • GET - Retrieve a list of information about an OAuth2 token.
Parent Resource Root List Resource
Child Resources
Anonymous Access No


Retrieve a list of information about an OAuth2 token.

If accessing this API on a Local Site, the results will be limited to those associated with that site. Otherwise, it will be limited to those associated with no Local Site.

This can only be accessed by the owner of the tokens or superusers.

Request Parameters

counts-onlyBoolean If specified, a single count field is returned with the number of results, instead of the results themselves.
max-resultsInteger The maximum number of results to return in this list. By default, this is 25. There is a hard limit of 200; if you need more than 200 results, you will need to make more than one request, using the “next” pagination link.
startInteger The 0-based index of the first result in the list. The start index is usually the previous start index plus the number of previous results. By default, this is 0.


100 - Does Not ExistHTTP 404 - Not Found Object does not exist
101 - Permission DeniedHTTP 403 - Forbidden You don’t have permission for this
103 - Not Logged InHTTP 401 - Unauthorized You are not logged in
105 - Invalid Form DataHTTP 400 - Bad Request One or more fields had errors
112 - OAuth2 Missing Scope ErrorHTTP 403 - Forbidden Your OAuth2 token lacks the necessary scopes for this request.
113 - OAuth2 Access Denied ErrorHTTP 403 - Forbidden OAuth2 token access for this resource is prohibited.



$ curl http://reviews.example.com/api -H "Accept: application/json"
Vary: Accept, Cookie
Item-Content-Type: application/vnd.reviewboard.org.oauth-token+json
Content-Type: application/vnd.reviewboard.org.oauth-tokens+json
ETag: b920158d9b33cdce87c3c924fae18b0032e09e56
X-Content-Type-Options: nosniff
  "links": {
    "self": {
      "href": "http://reviews.example.com/api", 
      "method": "GET"
  "oauth_tokens": [
      "application": "Awesome App", 
      "expires": "2018-10-03T09:51:16.244000+00:00", 
      "links": {
        "delete": {
          "href": "http://reviews.example.com/api/oauth-tokens/1/", 
          "method": "DELETE"
        "self": {
          "href": "http://reviews.example.com/api/oauth-tokens/1/", 
          "method": "GET"
        "update": {
          "href": "http://reviews.example.com/api/oauth-tokens/1/", 
          "method": "PUT"
      "scope": [
      "token": "abc123"
  "stat": "ok", 
  "total_results": 1