---
title: View tokens
description: View API tokens in InfluxDB using the InfluxDB UI, the influx CLI, or the InfluxDB API.
url: https://docs.influxdata.com/influxdb/cloud/admin/tokens/view-tokens/
estimated_tokens: 1996
product: InfluxDB Cloud (TSM)
version: cloud
---

# View tokens

View API tokens and permissions using the InfluxDB user interface (UI), the `influx` command line interface (CLI), or the InfluxDB API.

To follow best practices for secure API token generation and retrieval, InfluxDB Cloud enforces access restrictions on API tokens.

-   InfluxDB Cloud UI only allows access to the API token value immediately after the token is created.
-   You can’t change access (**read/write**) permissions for an API token after it’s created.
-   Tokens stop working when the user who created the token is deleted.

We recommend the following for managing your tokens:

-   Create a generic user to create and manage tokens for writing data.
-   Store your tokens in a secure password vault for future access.

## View tokens in the InfluxDB UI

1. In the navigation menu on the left, select **Load Data** > **API Tokens**.

Load Data

2. Click a token description in the list to view the token status and a list of access permissions.

## View tokens using the influx CLI

Use the [`influx auth list` command](/influxdb/cloud/reference/cli/influx/auth/list) to view tokens.

```sh
influx auth list
```

Filtering options such as filtering by authorization ID, username, or user ID are available. See the [`influx auth list` documentation](/influxdb/cloud/reference/cli/influx/auth/list) for information about other available flags.

## View tokens using the InfluxDB API

Use the `/api/v2/authorizations` InfluxDB API endpoint to view tokens and permissions.

[GET /api/v2/authorizations](/influxdb/cloud/api/authorizations-api-tokens/)

Include the following in your request:

| Requirement | Include by |
| --- | --- |
| API token with the read: authorizations permission | Use the Authorization: Token YOUR_API_TOKEN header. |

```sh
INFLUX_TOKEN=YOUR_API_TOKEN

curl --request GET \
	"http://localhost:8086/api/v2/authorizations" \
  --header "Authorization: Token ${INFLUX_TOKEN}" \
  --header 'Content-type: application/json'
```

### View a single token

To view a specific authorization and token, include the authorization ID in the URL path.

[GET /api/v2/authorizations/{authID}](/influxdb/cloud/api/authorizations-api-tokens/)

### Filter the token list

InfluxDB returns authorizations from the same organization as the token used in the request. To filter tokens by user, include `userID` as a query parameter in your request.

```sh
# The example below uses the common `curl` and `jq` command-line tools
# with the InfluxDB API to do the following:
# 1. Find a user by username and extract the user ID.
# 2. Find the user's authorizations by user ID.
# 3. Filter for `active` authorizations that have `write` permission.

INFLUX_TOKEN=YOUR_API_TOKEN

function list_write_auths() {
  curl "http://localhost:8086/api/v2/users/?name=$1" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' | \
  
  jq --arg USER $1 '.users[] | select(.name == $USER) | .id' | \
  
  xargs -I '%' \
  curl "http://localhost:8086/api/v2/authorizations/?userID=%" \
    --header "Authorization: Token ${INFLUX_TOKEN}" \
    --header 'Content-type: application/json' | \
  
  jq '.authorizations[]
        | select(.permissions[] | select(.action=="write"))
        | select(.status=="active")'
}

list_write_auths 'iot_user_1'
```

See the [`/authorizations` endpoint documentation](/influxdb/cloud/api/authorizations-api-tokens/) for more information about available parameters.