Adds superuser-AllAppTokens API endpoint

api_reference/master.adoc

@@ -216,6 +216,7 @@ include::modules/api-superuser-listAllLogs.adoc[leveloffset=+2]
 include::modules/api-superuser-listAllOrganizations.adoc[leveloffset=+2]
 include::modules/api-superuser-createServiceKey.adoc[leveloffset=+2]
 include::modules/api-superuser-listServiceKeys.adoc[leveloffset=+2]
+include::modules/api-superuser-listAllAppTokens.adoc[leveloffset=+2]
 include::modules/api-superuser-changeUserQuotaSuperUser.adoc[leveloffset=+2]
 include::modules/api-superuser-deleteUserQuotaSuperUser.adoc[leveloffset=+2]
 include::modules/api-superuser-createUserQuotaSuperUser.adoc[leveloffset=+2]

modules/api-superuser-listAllAppTokens.adoc

@@ -0,0 +1,59 @@
+
+= listAllAppTokens
+Returns a list of all app specific tokens in the system.
+
+        This endpoint is for system-wide auditing by superusers and global read-only superusers.
+
+[discrete]
+== GET /api/v1/superuser/apptokens
+
+
+
+**Authorizations: **oauth2_implicit (**super:user**)
+
+
+
+[discrete]
+== Query parameters
+
+[options="header", width=100%, cols=".^2a,.^3a,.^9a,.^4a"]
+|===
+|Type|Name|Description|Schema
+|query|**expiring** + 
+_optional_|If true, only returns those tokens expiring soon|boolean
+|===
+
+
+[discrete]
+== Responses
+
+[options="header", width=100%, cols=".^2a,.^14a,.^4a"]
+|===
+|HTTP Code|Description|Schema
+|200|Successful invocation|
+|400|Bad Request|<<_apierror,ApiError>>
+|401|Session required|<<_apierror,ApiError>>
+|403|Unauthorized access|<<_apierror,ApiError>>
+|404|Not found|<<_apierror,ApiError>>
+|===
+
+[discrete]
+== Example command
+
+.Example: List all app-specific tokens
+[source,terminal]
+----
+$ curl -X GET \
+  "https://quay-server.example.com/api/v1/superuser/apptokens" \
+  -H "Authorization: Bearer <superuser_access_token>" \
+  -H "Accept: application/json"
+----
+
+.Example: List app-specific tokens expiring soon
+[source,terminal]
+----
+$ curl -X GET \
+  "https://quay-server.example.com/api/v1/superuser/apptokens?expiring=true" \
+  -H "Authorization: Bearer <superuser_access_token>" \
+  -H "Accept: application/json"
+----

modules/managing-service-keys-api.adoc

@@ -59,6 +59,26 @@ $ curl -X GET \
 {"keys":[{"approval":{"approval_type":"ServiceKeyApprovalType.AUTOMATIC","approved_date":"Mon, 20 Jan 2025 14:46:01 GMT","approver":null,"notes":""},"created_date":"Mon, 20 Jan 2025 14:46:01 GMT","expiration_date":"Wed, 05 Feb 2025 22:03:37 GMT","jwk":{"e":"AQAB","kid":"<example>","kty":"RSA","n":"<example>"},"kid":"7fr8soqXGgea8JqjwgItjjJT9GKlt-bMyMCDmvzy6WQ","metadata":{"created_by":"CLI tool"},"name":"http://quay-server.example.com:80","rotation_duration":null,"service":"quay"}]}
 ----
 
+* Use the link:https://docs.redhat.com/en/documentation/red_hat_quay/3.16/html-single/red_hat_quay_api_reference/index#listAllAppTokens[`GET /api/v1/superuser/apptokens`] endpoint to return a list of service account keys:
++
+[source,terminal]
+----
+$ curl -X GET \
+  "https://quay-server.example.com/api/v1/superuser/apptokens?expiring=true" \
+  -H "Authorization: Bearer <superuser_access_token>" \
+  -H "Accept: application/json"
+----
++
+Alternatively, you can include the `expiring=true` option. For example:
++
+[source,terminal]
+----
+$ curl -X GET \
+  "https://quay-server.example.com/api/v1/superuser/apptokens?expiring=true" \
+  -H "Authorization: Bearer <superuser_access_token>" \
+  -H "Accept: application/json"
+----
+
 * Use the link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/red_hat_quay_api_reference/index#getservicekey[`GET /api/v1/superuser/keys/{kid}`] endpoint to retrieve information about a service account by its kid:
 +
 [source,terminal]

modules/new-api-endpoints-316.adoc

@@ -17,4 +17,16 @@ New tag API parameters, `getTagPullStatistics` and `getManifestPullStatistics`,
 
 |===
 
-See link:https://docs.redhat.com/en/documentation/red_hat_quay/3/html/red_hat_quay_api_reference/tag[Chapter 22. tag] for more information, including example commands.
+See link:https://docs.redhat.com/en/documentation/red_hat_quay/3.16/html/red_hat_quay_api_reference/tag[Chapter 22. tag] for more information, including example commands.
+
+[id="app-token-api"]
+== App token API endpoint
+
+A new API parameter, `listAllAppTokens`, has been added to the {productname} API. This endpoint enables superusers to manage and audit application-specific tokens.
+
+|===
+| Name | Description | Schema
+|*listAllAppTokens* |List all application tokens across all users in the system. Requires superuser or global read-only superuser privileges. | object
+|===
+
+See link:https://docs.redhat.com/en/documentation/red_hat_quay/3.16/html-single/red_hat_quay_api_reference/index#superuser[Chapter 22. superuser] for more information, including example commands.