> ## Documentation Index > Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt > Use this file to discover all available pages before exploring further. # Get tokens > List all tokens in the PCI DSS scope. ## OpenAPI ````yaml /products/guardian/openapi.yaml get /api/pci/tokens openapi: 3.1.0 info: title: Guardian API version: '1.0' contact: name: Starfish GmbH & Co. KG email: hello@starfish.team url: https://hellgate.io/cpa/guardian license: name: Hellgate API Terms url: https://hellgate.io/terms-and-conditions servers: - url: https://{cluster_id}.on-hellgate.cloud description: Guardian service instance variables: cluster_id: default: my-cluster-id description: | Guardian is a service of the Hellgate Cloud Platform. The unique cluster-id is used to connect to your instance. security: [] tags: - name: pci description: Management of card payment credentials under the ruling of PCI DSS. - name: network description: Management of network tokens and cryptograms for secure transactions. - name: generic description: Management of generic tokens and their schemas for various use cases. - name: metadata description: Inquiries for card metadata based on PAN, PCI tokens, or network tokens. - name: apikey description: Management of API keys for service access. - name: webhook description: Management of webhooks for event notifications. - name: types description: Management of types for generic token schemas. paths: /api/pci/tokens: get: tags: - pci summary: Get tokens description: List all tokens in the PCI DSS scope. operationId: pci_token_list parameters: - name: limit in: query description: > The limit parameter defines the maximum number of rows returned in a single call and enables consecutive pagination using the `next` link provided in the response payload. required: false schema: type: integer default: 20 minimum: 1 maximum: 100 responses: '200': description: Success response content: application/json: schema: $ref: '#/components/schemas/pci_token_list' '401': $ref: '#/components/responses/401_UnauthorizedError' '403': $ref: '#/components/responses/403_ForbiddenError' security: - APIKey: [] - AdminToken: [] components: schemas: pci_token_list: type: object properties: data: type: array items: $ref: '#/components/schemas/pci_token' links: type: object properties: next: type: string format: uri required: - next required: - data - links example: data: - id: 8744c9ea-a02b-4ae6-875c-b64fc333e3ef card: cardholder_name: John Doe expiry_month: 12 expiry_year: 2025 masked_account_number: 411111******1111 scheme: visa created_at: '2023-10-01T12:00:00Z' links: next: >- https://my-cluster-id.on-hellgate.cloud/pci/tokens?after=8744c9ea-a02b-4ae6-875c-b64fc333e3ef&limit=20 pci_token: title: Token type: object properties: id: type: string format: uuid card: $ref: '#/components/schemas/card' created_at: type: string format: date-time expires_at: type: string format: date-time metadata: $ref: '#/components/schemas/Metadata' required: - id - card - created_at example: id: 8744c9ea-a02b-4ae6-875c-b64fc333e3ef card: cardholder_name: John Doe expiry_month: 12 expiry_year: 2025 masked_account_number: 411111******1111 scheme: visa created_at: '2023-10-01T12:00:00Z' ErrorGeneric: type: object properties: code: $ref: '#/components/schemas/ErrorStatusCode' classifier: $ref: '#/components/schemas/ErrorClassifier' message: $ref: '#/components/schemas/ErrorMessage' card: type: object properties: cardholder_name: type: string expiry_month: type: integer expiry_year: type: integer masked_account_number: type: string scheme: type: string enum: - visa - mastercard - american express - discover - diners club - jcb - unionpay required: - expiry_month - expiry_year - masked_account_number - scheme example: cardholder_name: John Doe expiry_month: 12 expiry_year: 2025 masked_account_number: 411111******1111 scheme: visa Metadata: type: object description: | Metadata consisting of key-value entries. * Maximum 20 key-value pairs. * Maximum 20 characters per key. * Maximum 80 characters per value. example: my_key_one: my_value_one my_key_two: my_value_two ErrorStatusCode: type: integer description: The corresponding HTTP status code for the error ErrorClassifier: type: string description: Technical code that helps to identify the error ErrorMessage: type: string description: Human readable representation of the error responses: 401_UnauthorizedError: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 401 message: No valid means of authentication was provided classifier: UNAUTHORIZED 403_ForbiddenError: description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 403 message: Not allowed to access this resource or feature classifier: FORBIDDEN securitySchemes: APIKey: type: apiKey name: x-api-key in: header AdminToken: type: apiKey name: x-admin-token in: header ````