ntcli token list

Overview

List all active workspace tokens for the current workspace. This command shows token metadata including JWT ID (JTI), creation time, expiration, and indicates which token is currently being used.

Syntax

ntcli token list [options]

Options

--format

string

Output format for the token listDefault: table
Options: table, json

--show-expired

boolean

Include expired tokens in the listDefault: false
Use case: Audit token usage history

Examples

List Active Tokens

# List all active workspace tokens
ntcli token list

Output:

┌─────────────────────┬─────────────────────┬─────────────────────┬─────────┐
│ JTI                 │ Created             │ Expires             │ Current │
├─────────────────────┼─────────────────────┼─────────────────────┼─────────┤
│ jti_abc123          │ 2024-08-07 10:30:00 │ 2025-08-07 10:30:00 │ ✓       │
│ jti_def456          │ 2024-07-15 14:20:00 │ 2025-07-15 14:20:00 │         │
│ jti_ghi789          │ 2024-06-01 09:15:00 │ Never               │         │
└─────────────────────┴─────────────────────┴─────────────────────┴─────────┘

Include Expired Tokens

# Show all tokens including expired ones
ntcli token list --show-expired

Output:

┌─────────────────────┬─────────────────────┬─────────────────────┬─────────┬─────────────┐
│ JTI                 │ Created             │ Expires             │ Current │ Status      │
├─────────────────────┼─────────────────────┼─────────────────────┼─────────┼─────────────┤
│ jti_abc123          │ 2024-08-07 10:30:00 │ 2025-08-07 10:30:00 │ ✓       │ Active      │
│ jti_def456          │ 2024-07-15 14:20:00 │ 2025-07-15 14:20:00 │         │ Active      │
│ jti_old123          │ 2024-01-01 12:00:00 │ 2024-06-01 12:00:00 │         │ Expired     │
└─────────────────────┴─────────────────────┴─────────────────────┴─────────┴─────────────┘

JSON Output

# Get token list in JSON format
ntcli token list --format json

Output:

{
  "tokens": [
    {
      "jti": "jti_abc123",
      "created_at": "2024-08-07T10:30:00Z",
      "expires_at": "2025-08-07T10:30:00Z",
      "is_current": true,
      "status": "active"
    },
    {
      "jti": "jti_def456", 
      "created_at": "2024-07-15T14:20:00Z",
      "expires_at": "2025-07-15T14:20:00Z",
      "is_current": false,
      "status": "active"
    }
  ],
  "total_active": 2,
  "current_token_jti": "jti_abc123"
}

Understanding Token Information

Table Columns

Column	Description
JTI	JWT ID - unique identifier for the token
Created	When the token was created
Expires	When the token expires (“Never” for non-expiring tokens)
Current	✓ indicates the token currently stored locally
Status	Active, Expired, or Revoked (when `--show-expired` is used)

Token States

Active: Token is valid and can be used
Expired: Token has passed its expiration date
Current: Token currently stored in local configuration

Token Management Workflow

Audit Token Usage

# Review all tokens for security audit
ntcli token list --show-expired --format json | jq '.tokens[] | {jti, created_at, expires_at, status}'

Clean Up Old Tokens

# List tokens to identify old ones
ntcli token list

# Revoke specific old tokens
ntcli token revoke jti_old123
ntcli token revoke jti_old456

Monitor Token Expiration

# Check which tokens are expiring soon
ntcli token list --format json | jq '.tokens[] | select(.expires_at != null) | {jti, expires_at}'

Security Considerations

Token Rotation: Regularly review and revoke unused tokens to maintain security.

Multiple Active Tokens: Multiple tokens can be active simultaneously. Revoke unused tokens to reduce attack surface.

Best Practices

Regular Audits: Review token list monthly to identify unused tokens
Token Naming: Use meaningful JTI patterns if creating tokens programmatically
Expiration Monitoring: Set up alerts for tokens nearing expiration
Immediate Revocation: Revoke tokens immediately when no longer needed

Error Handling

Authentication Required

Error: Authentication required. Try running ntcli token refreshSolution: You need a valid workspace token to list tokens:

ntcli token refresh
ntcli token list

Workspace Not Selected

Error: No workspace selectedSolution: Select a workspace first:

ntcli workspace switch my-workspace
ntcli token list

No Tokens Found

Output: Empty token listSolution: Create a token first:

ntcli token create
ntcli token list

token create

Create new workspace tokens

token refresh

Refresh current workspace token

token revoke

Revoke specific tokens

token show

Show current token information

Get Started

Core Concepts

Authentication

Workspace Management

Server Management

MCP Client

Registry

Secrets Management

Token Management

Utilities

Overview

Syntax

Options

Examples

List Active Tokens

Include Expired Tokens

JSON Output

Understanding Token Information

Table Columns

Token States

Token Management Workflow

Audit Token Usage

Clean Up Old Tokens

Monitor Token Expiration

Security Considerations

Best Practices

Error Handling

token create

token refresh

token revoke

token show

Get Started

Core Concepts

Authentication

Workspace Management

Server Management

MCP Client

Registry

Secrets Management

Token Management

Utilities

​Overview

​Syntax

​Options

​Examples

​List Active Tokens

​Include Expired Tokens

​JSON Output

​Understanding Token Information

​Table Columns

​Token States

​Token Management Workflow

​Audit Token Usage

​Clean Up Old Tokens

​Monitor Token Expiration

​Security Considerations

​Best Practices

​Error Handling

​Related Commands

token create

token refresh

token revoke

token show

Overview

Syntax

Options

Examples

List Active Tokens

Include Expired Tokens

JSON Output

Understanding Token Information

Table Columns

Token States

Token Management Workflow

Audit Token Usage

Clean Up Old Tokens

Monitor Token Expiration

Security Considerations

Best Practices

Error Handling

Related Commands