Skip to main content
Glama
monitoringartist

LogicMonitor MCP Server

list_api_tokens

Read-only

Lists API tokens for a specific LogicMonitor user, enabling you to audit API access, check last usage, and identify unused or stale tokens.

Instructions

List API tokens for a specific user in LogicMonitor (LM) monitoring.

Returns: Array of API tokens for specified user with: id, note (description), created date, last used date, status (active/inactive), access ID, roles inherited from user.

What are API tokens: Authentication credentials for LogicMonitor REST API. Alternative to username/password for programmatic access. Each token inherits permissions from its user.

When to use:

  • Audit API access per user

  • Find unused/stale tokens for security cleanup

  • Check last usage time

  • Inventory API integrations

  • Before creating new token (check if existing one available)

Security considerations:

  • Each token has Access ID and Access Key (like username/password for API)

  • Token inherits all permissions from user (if user is admin, token has admin rights)

  • Tokens never expire automatically (must be manually revoked)

  • Last used date helps identify unused tokens that should be removed

Common use cases:

  • Security audit: "Find all API tokens, check last usage, remove stale ones"

  • Integration tracking: "Which integrations are using this user's tokens?"

  • Access review: "What API access does this user have?"

  • Token rotation: "List all tokens before rotating credentials"

Best practices:

  • Create service accounts (dedicated users) for API integrations instead of personal user tokens

  • Add descriptive notes to tokens (e.g., "Terraform automation", "Grafana integration")

  • Regularly audit and remove unused tokens (check lastUsedOn timestamp)

  • Use least-privilege: Create users with minimal required permissions, then create tokens for those users

Security workflow:

  • List all users with "list_users"

  • For each user, use this tool to check their API tokens

  • Review lastUsedOn - if >90 days, consider revoking

  • Check note field to understand token purpose

Workflow: Use this tool with userId from "list_users" to audit that user's API access.

Important: A negative "total" value in the response indicates incomplete results. Use pagination (size/offset parameters) or set autoPaginate: true to retrieve all items.

Related tools: "list_users" (find userId), "create_api_token" (generate new), "delete_api_token" (revoke access).

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
userIdYesThe user ID
sizeNoNumber of results per page (default: 50, max: 1000).
offsetNoStarting offset for pagination (default: 0). Use this to skip a specific number of results.
autoPaginateNoAutomatically fetch all pages (default: false). When true, fetches all results across multiple pages. When false, returns only the requested page. Use false for large result sets to avoid long response times.
filterNoFilter expression using LogicMonitor query syntax. Examples: name:*prod*, displayName~*server*, id>100, hostStatus:normal. Available operators: : (equals), ~ (includes), !: (not equals), !~ (not includes), >: (greater than or equals), <: (less than or equals), > (greater than), < (less than). Multiple conditions: Use comma (,) for AND, use || for OR. Do NOT use &&.
fieldsNoComma-separated list of fields to include in response. Examples: "id,displayName,hostStatus" or use "*" for all fields. Omit this parameter to receive a curated set of commonly used fields.
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The annotations say readOnlyHint=true, and the description adds important behavioral details: negative 'total' indicates incomplete results, pagination behavior, and security considerations about token permissions, going beyond annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-organized with sections, but is quite long and includes some redundant explanation (e.g., what are API tokens) that an AI might not need. Still, it is structured and front-loaded with key info.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (6 params, no output schema), the description is thoroughly complete: it covers return fields, use cases, best practices, workflows, and edge cases like negative total. No output schema needed due to detailed description.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% so baseline is 3; the description adds context (e.g., userId from list_users) and an important note about autoPaginate, but does not significantly enhance parameter meaning beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool lists API tokens for a specific user, and includes a workflow linking to sibling tools like 'create_api_token' and 'delete_api_token', distinguishing it well.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides a dedicated 'When to use' section with specific scenarios (audit, find stale tokens, inventory), a 'Security workflow', and mentions related tools, giving clear guidance on when and how to use.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/monitoringartist/logicmonitor-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server