Scripts to check if LaunchDarkly access tokens meet a minimum API version requirement. Available in both Bash and PowerShell, with automatic pagination to fetch all tokens from your account.
- bash: Available on macOS/Linux
- curl: For making API requests
- jq: JSON processor (install instructions)
- macOS:
brew install jq - Linux:
apt-get install jqoryum install jq
- macOS:
Note: The PowerShell version has been tested on macOS with PowerShell 7 installed but has not yet been tested on Windows. Windows testing is planned. If you run into any issues on Windows, please open an issue.
- PowerShell 5.1+ (Windows) or PowerShell 7+ (macOS/Linux)
- No additional dependencies — uses built-in
Invoke-RestMethod
- ✅ Pagination Support: Automatically fetches all tokens (100 per page)
- ✅ Correct Version Detection: Uses
defaultApiVersionfield (YYYYMMDD format) - ✅ Service Token Detection: Shows if token is a service token or personal token
- ✅ Last Used Tracking: Displays when each token was last used
- ✅ Multiple Output Formats: Text (color-coded) or CSV export
- ✅ CSV Export: Export to file or stdout for further processing
- ✅ Comprehensive Summary: Shows total, passed, failed, and warning counts
- ✅ Flexible API Key Input: Environment variable or command-line argument
chmod +x check_launchdarkly_tokens.shNo installation required. If your execution policy blocks scripts:
Set-ExecutionPolicy -Scope CurrentUser RemoteSigned# Using environment variable
export LD_API_KEY="your-launchdarkly-api-key"
./check_launchdarkly_tokens.sh --min-version 20220603
# Using command line argument
./check_launchdarkly_tokens.sh --api-key "your-api-key" --min-version 20220603-k, --api-key KEY: LaunchDarkly API key (or setLD_API_KEYenvironment variable)-v, --min-version NUM: Minimum version required in YYYYMMDD format (default: 20240415)-o, --output FORMAT: Output format:textorcsv(default: text)-f, --file PATH: Output file path (only for CSV format)-h, --help: Show help message
# Using environment variable
$env:LD_API_KEY = "your-launchdarkly-api-key"
./Check-LaunchDarklyTokens.ps1 -MinVersion 20220603
# Using parameter
./Check-LaunchDarklyTokens.ps1 -ApiKey "your-api-key" -MinVersion 20220603-ApiKey: LaunchDarkly API key (or setLD_API_KEYenvironment variable)-MinVersion: Minimum version required in YYYYMMDD format (default: 20240415)-OutputFormat: Output format:TextorCSV(default: Text)-FilePath: Output file path (only for CSV format)
# Check if all tokens use API version 20220603 or higher (text output)
./check_launchdarkly_tokens.sh --api-key "api-key-here" --min-version 20220603
# Use environment variable for API key
export LD_API_KEY="api-key-here"
./check_launchdarkly_tokens.sh --min-version 20230101
# Check with default minimum version (20240415)
./check_launchdarkly_tokens.sh --api-key "api-key-here"
# Export results as CSV to a file
./check_launchdarkly_tokens.sh --api-key "api-key-here" --output csv --file tokens_report.csv
# Export as CSV to stdout (for piping to other commands)
./check_launchdarkly_tokens.sh --api-key "api-key-here" --output csv > report.csv
# Export as CSV and filter with other tools
./check_launchdarkly_tokens.sh --api-key "api-key-here" --output csv | grep "FAIL"# Check with a specific minimum version
./Check-LaunchDarklyTokens.ps1 -ApiKey "api-key-here" -MinVersion 20220603
# Use environment variable
$env:LD_API_KEY = "api-key-here"
./Check-LaunchDarklyTokens.ps1 -MinVersion 20230101
# Export results as CSV to a file
./Check-LaunchDarklyTokens.ps1 -ApiKey "api-key-here" -OutputFormat CSV -FilePath tokens_report.csv
# Export as CSV to stdout and filter
./Check-LaunchDarklyTokens.ps1 -ApiKey "api-key-here" -OutputFormat CSV | Select-String "FAIL"The script will display a table with:
- Name: Token name
- ID: Token ID
- Version: API version (YYYYMMDD format)
- Service: Whether it's a service token (Yes/No)
- Last Used: Date and time when token was last used
- Status: Color-coded PASS (green), FAIL (red), or WARNING (yellow)
CSV output includes the same columns (without color coding):
Name,ID,Version,Service Token,Last Used,Status
When using --file, the CSV is written to the specified file. Without --file, CSV is printed to stdout.
0: All tokens meet the minimum version requirement1: One or more tokens are below the minimum version, or an error occurred
- Pagination: The script fetches tokens in batches of 100 (configurable via
PAGE_LIMIT) - Data Extraction: Reads
defaultApiVersion,serviceToken, andlastUsedfields from each token - Comparison: Compares each token's version against the minimum required version
- Formatting: Converts timestamps to readable dates and formats output as text or CSV
- Results: Color-codes text output and provides a summary
CSV output is perfect for:
./check_launchdarkly_tokens.sh --api-key "key" --output csv --file tokens.csv
# Open tokens.csv in Excel or Google Sheets./check_launchdarkly_tokens.sh --api-key "key" --output csv | grep "Never"./check_launchdarkly_tokens.sh --api-key "key" --output csv | grep ",Yes,"./check_launchdarkly_tokens.sh --api-key "key" --output csv | grep "FAIL"# Count tokens by status
./check_launchdarkly_tokens.sh --api-key "key" --output csv | tail -n +2 | cut -d',' -f6 | sort | uniq -c
# Extract only token IDs that failed
./check_launchdarkly_tokens.sh --api-key "key" --output csv | grep "FAIL" | cut -d',' -f2If needed, you can adjust these configuration values in the script:
- Page size (line 12): Change
PAGE_LIMIT=100to fetch more/fewer tokens per request - Default minimum version (line 10): Adjust
MIN_VERSIONdefault value (e.g.,20240415) - Default output format (line 13): Change
OUTPUT_FORMAT="text"to"csv"if desired - Date format (line 202): Modify the date format string in
epoch_to_date()function - Column widths (lines 212, 263): Adjust
printfformat strings for different column widths
Fetching LaunchDarkly access tokens...
Minimum version required: 20240415
Total tokens in account: 5
Fetching all tokens...
Processing 5 tokens...
======================================================================================================================================================================
Name | ID | Version | Service | Last Used | Status
======================================================================================================================================================================
Production API Token | 61095542756dba551110ae21 | 20240415 | No | 2024-10-15 14:30:22 | [PASS]
Development Token | 507f191e810c19729d123456 | 20240415 | Yes | 2024-10-26 09:15:43 | [PASS]
Legacy Token | 507f1f77bcf86cd700abcdef | 20210101 | No | 2023-05-12 16:45:00 | [FAIL]
Staging Token | 507f191e810c19729e456789 | 20240520 | Yes | 2024-10-27 10:22:11 | [PASS]
Test Token | 507f1f77bcf86cd701234567 | N/A | No | Never | [WARNING: No version]
==========================================
Summary:
Total tokens: 5
Passed: 3
Failed: 1
Warnings: 1
==========================================
Name,ID,Version,Service Token,Last Used,Status
"Production API Token",61095542756dba551110ae21,20240415,No,"2024-10-15 14:30:22",PASS
"Development Token",507f191e810c19729d123456,20240415,Yes,"2024-10-26 09:15:43",PASS
"Legacy Token",507f1f77bcf86cd700abcdef,20210101,No,"2023-05-12 16:45:00",FAIL
"Staging Token",507f191e810c19729e456789,20240520,Yes,"2024-10-27 10:22:11",PASS
"Test Token",507f1f77bcf86cd701234567,N/A,No,"Never",WARNINGNote: If you have more than 100 tokens, the script will automatically fetch all pages and show progress.
Install jq using your package manager:
- macOS:
brew install jq - Ubuntu/Debian:
sudo apt-get install jq - CentOS/RHEL:
sudo yum install jq
The PowerShell version does not require jq.
Your API key is invalid or has expired. Check that you're using the correct key with proper permissions.
Some tokens may not have a defaultApiVersion field set. This typically happens with older tokens. You can:
- Update those tokens in LaunchDarkly to use a specific API version
- Consider these as warnings and focus on the failed tokens
To inspect a token's structure:
curl https://app.launchdarkly.com/api/v2/tokens \
-H "Authorization: your-api-key" | jq '.items[0]'LaunchDarkly API versions use YYYYMMDD format (e.g., 20220603). The defaultApiVersion field determines which version of the API the token will use by default. Older API versions may be deprecated over time, so it's important to ensure your tokens use recent versions.
The lastUsed field shows when a token was last used to make an API call:
- Never: Token has never been used (consider if it's still needed)
- Recent date: Token is actively being used
- Old date: Token may be stale or only used occasionally
This information is helpful for:
- Identifying unused tokens that can be safely removed
- Finding tokens that haven't been updated but are still in use
- Auditing token usage patterns
- Service Token (Yes): Programmatic tokens for automated systems, integrations, CI/CD pipelines
- Personal Token (No): Tokens tied to individual user accounts
Service tokens are typically preferred for production systems as they're not tied to a specific user.
Contributions are welcome! Please open an issue or submit a pull request.
This project is licensed under the Apache License, Version 2.0. See the LICENSE file for details.
This repository is maintained by LaunchDarkly Labs. While we try to keep it up to date, it is not officially supported by LaunchDarkly. For officially supported SDKs and tools, visit https://launchdarkly.com