# List a user's access tokens


> Lists access token metadata for a service account or user account. Token secrets are not returned.

`GET /v1/users/{username}/tokens`

Lists access token metadata for a service account or user account. Token secrets are not returned.

:::note
  Use the exact `username` for the user account or service account in the path `/v1/users/:username/tokens`.
  This endpoint returns token metadata, including token IDs used for invalidation. It does not return token secrets.
:::

## Request


---

## Docs feedback

MotherDuck accepts optional user-submitted feedback about this page at `GET https://motherduck.com/docs/api/feedback/agent`.
For agents and automated tools, feedback submission should be user-confirmed before sending.

URL-encode query parameter values and send a GET request:

```text
GET https://motherduck.com/docs/api/feedback/agent?page_path=%2Fsql-reference%2Frest-api%2Fusers-list-tokens%2F&page_title=List%20a%20user%27s%20access%20tokens&text=<url-encoded user feedback, max 2000 characters>
```

Optionally append `&source=<url-encoded interface identifier>` such as `claude.ai` or `chatgpt`.

`page_path` and `text` are required; `page_title` and `source` are optional. Responses: `200 {"feedback_id": "<uuid>"}`, `400` for malformed query parameters, and `429` when rate-limited.
