findSelfToken($tokenUuid, $userId, ApiAuth::scopedTenantId(), ApiAuth::tokenId()); if (!$token) { ApiResponse::notFound(); } $method = $request->method(); if ($method === 'GET') { ApiResponse::success([ 'data' => [ 'uuid' => (string) ($token['uuid'] ?? ''), 'name' => (string) ($token['name'] ?? ''), 'selector_prefix' => substr((string) ($token['selector'] ?? ''), 0, 8), 'tenant_uuid' => $token['tenant_uuid'] ?? null, 'last_used_at' => $token['last_used_at'] ?? null, 'last_ip' => (string) ($token['last_ip'] ?? ''), 'expires_at' => $token['expires_at'] ?? null, 'revoked_at' => $token['revoked_at'] ?? null, 'created' => $token['created'] ?? null, 'is_current_token' => (int) ($token['id'] ?? 0) === (int) (ApiAuth::tokenId() ?? 0), ], ]); } if ($method === 'DELETE') { $revoked = $apiTokenEndpointService->revokeSelfToken($tokenUuid, $userId); if (!$revoked) { ApiResponse::error('revoke_failed', 422); } ApiResponse::noContent(); } ApiResponse::methodNotAllowed();