> ## Documentation Index
> Fetch the complete documentation index at: https://docs.limitless.exchange/llms.txt
> Use this file to discover all available pages before exploring further.

# List Active Tokens

> Lists all active (non-revoked) API tokens for the authenticated partner. Requires token management to be enabled for the partner.

Returns all active (non-revoked) API tokens for the authenticated partner. Token secrets are never included in the response.

Requires token management to be enabled for the partner (see [Get Partner Capabilities](/api-reference/api-tokens/get-capabilities)).


## OpenAPI

````yaml GET /auth/api-tokens
openapi: 3.0.0
info:
  title: Limitless Exchange API
  description: >-
    Production-ready REST API for prediction market trading, portfolio
    management, and market data on Limitless Exchange (Base L2).
  version: '1.0'
  contact:
    name: API Support
    url: https://limitless.exchange
    email: help@limitless.network
servers:
  - url: https://api.limitless.exchange
    description: Production API
security: []
tags:
  - name: Authentication
    description: User authentication and session management
  - name: Markets
    description: Browse, search, and analyze prediction markets
  - name: Market Navigation
    description: Navigation tree, market pages, and property filters
  - name: Trading
    description: Create, manage, and cancel orders
  - name: Portfolio
    description: Position tracking, trade history, and performance
  - name: API Tokens
    description: Scoped API token management for partner integrations
  - name: Partner Accounts
    description: Sub-account creation and allowance recovery for partner integrations
  - name: System
    description: Public API state and availability information
paths:
  /auth/api-tokens:
    get:
      tags:
        - API Tokens
      summary: List active tokens
      description: >-
        Lists all active (non-revoked) API tokens for the authenticated partner.
        Requires token management to be enabled for the partner.
      operationId: ApiTokenController_listTokens
      parameters: []
      responses:
        '200':
          description: List of active tokens
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApiTokenListItem'
        '401':
          description: Not authenticated
        '403':
          description: Token management not enabled for this partner
      security:
        - HmacAuth: []
components:
  schemas:
    ApiTokenListItem:
      type: object
      properties:
        tokenId:
          type: string
          description: Unique token identifier
        label:
          type: string
          nullable: true
          description: Human-readable label
        scopes:
          type: array
          items:
            type: string
          description: Granted scopes
        createdAt:
          type: string
          format: date-time
          description: Token creation timestamp
        lastUsedAt:
          type: string
          format: date-time
          nullable: true
          description: Last time the token was used for authentication
      required:
        - tokenId
        - label
        - scopes
        - createdAt
        - lastUsedAt
  securitySchemes:
    HmacAuth:
      type: apiKey
      in: header
      name: lmts-api-key
      description: >-
        Scoped API token with HMAC-SHA256 signing. Requires three headers:
        lmts-api-key (token ID), lmts-timestamp (ISO-8601), lmts-signature
        (Base64-encoded HMAC). See Authentication docs for details.

````