> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# List

> List all tunnel authtoken credentials on this account




## OpenAPI

````yaml https://raw.githubusercontent.com/ngrok/ngrok-openapi/refs/heads/main/ngrok.yaml get /credentials
openapi: 3.0.0
info:
  title: ngrok OpenAPI
  version: 1.0.0
servers:
  - url: https://api.ngrok.com
security:
  - authentication: []
paths:
  /credentials:
    get:
      tags:
        - Credentials
      summary: List
      description: |
        List all tunnel authtoken credentials on this account
      operationId: CredentialsList
      parameters:
        - $ref: '#/components/parameters/ngrokVersion'
        - name: before_id
          description: >
            Expects a resource ID as its input. Returns earlier entries in the
            result set, sorted by ID.
          in: query
          required: false
          schema:
            type: string
        - name: limit
          description: >
            Constrains the number of results in the dataset. See the [API
            Overview](https://ngrok.com/docs/api/index#pagination) for details.
          in: query
          required: false
          schema:
            type: string
        - name: filter
          description: >
            A CEL expression to filter the list results. Supports logical and
            comparison operators to match on fields such as `id`, `metadata`,
            `created_at`, and more. See ngrok API Filtering for syntax and field
            details: https://ngrok.com/docs/api/api-filtering.
          in: query
          required: false
          schema:
            type: string
      responses:
        '200':
          description: |
            List all tunnel authtoken credentials on this account
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CredentialList'
components:
  parameters:
    ngrokVersion:
      name: ngrok-version
      in: header
      required: true
      schema:
        type: integer
        default: 2
  schemas:
    CredentialList:
      type: object
      properties:
        credentials:
          description: |
            the list of all tunnel credentials on this account
          type: array
          items:
            $ref: '#/components/schemas/Credential'
        uri:
          description: |
            URI of the tunnel credential list API resource
          type: string
        next_page_uri:
          description: |
            URI of the next page, or null if there is no next page
          type: string
    Credential:
      type: object
      properties:
        id:
          description: |
            unique tunnel credential resource identifier
          type: string
        uri:
          description: |
            URI of the tunnel credential API resource
          type: string
        created_at:
          description: |
            timestamp when the tunnel credential was created, RFC 3339 format
          type: string
        description:
          description: >
            human-readable description of who or what will use the credential to
            authenticate. Optional, max 255 bytes.
          type: string
        metadata:
          description: >
            arbitrary user-defined machine-readable data of this credential.
            Optional, max 4096 bytes.
          type: string
        token:
          description: >
            the credential's authtoken that can be used to authenticate an ngrok
            agent. **This value is only available one time, on the API response
            from credential creation, otherwise it is null.**
          type: string
        acl:
          description: >
            optional list of ACL rules. If unspecified, the credential will have
            no restrictions. The only allowed ACL rule at this time is the
            `bind` rule. The `bind` rule allows the caller to restrict what
            domains, addresses, and labels the token is allowed to bind. For
            example, to allow the token to open a tunnel on example.ngrok.io
            your ACL would include the rule `bind:example.ngrok.io`. Bind rules
            for domains may specify a leading wildcard to match multiple domains
            with a common suffix. For example, you may specify a rule of
            `bind:*.example.com` which will allow `x.example.com`,
            `y.example.com`, `*.example.com`, etc. Bind rules for labels may
            specify a wildcard key and/or value to match multiple labels. For
            example, you may specify a rule of `bind:*=example` which will allow
            `x=example`, `y=example`, etc. A rule of `'*'` is equivalent to no
            acl at all and will explicitly permit all actions.
          type: array
          items:
            type: string
        owner_id:
          description: >
            If supplied at credential creation, ownership will be assigned to
            the specified User or Service User. Only admins may specify an owner
            other than themselves. Defaults to the authenticated User or Service
            User. Accepts one of: User ID, User email, or SCIM User ID.
          type: string
  securitySchemes:
    authentication:
      type: http
      scheme: bearer

````