# View tokens

Use the tickers API to retrieve tokens by classification state. Ripple Custody uses an Allowlist-Only visibility model where tokens are filtered by their validation and lock status.

The Token Management feature uses the existing Tickers API. No new endpoints are required—classification is controlled through the `validationStatus` and `lock` query parameters.

## Prerequisites

Before retrieving tokens, you need the following:

| Prerequisite | Additional information |
|  --- | --- |
| API authentication | [Authenticate API requests](/products/custody/v1.36/identity-and-access/authentication/authenticate-api-requests) |


## Get allowlisted tokens

To retrieve tokens that are approved and visible in the UI:


```http
GET /v1/tickers?validationStatus=Validated&lock=Unlocked
```

See [List tickers](/products/custody/v1.36/reference/api/openapi/tickers/gettickers) for the complete API reference.

## Get unclassified tokens

To retrieve tokens that have not been reviewed:


```http
GET /v1/tickers?validationStatus=NonValidated&lock=Unlocked
```

## Get denylisted tokens

To retrieve tokens that have been blocked:


```http
GET /v1/tickers?validationStatus=Validated&lock=Locked
```

## Query parameters

The following parameters filter the token list. For the complete parameter reference, see [List tickers](/products/custody/v1.36/reference/api/openapi/tickers/gettickers).

| Parameter | Type | Values | Description |
|  --- | --- | --- | --- |
| `validationStatus` | string | `Validated`, `NonValidated` | Filter by validation status |
| `lock` | string array | `Locked`, `Unlocked`, `Archived` | Filter by lock status |
| `ledgerId` | string array | — | Filter by ledger ID |
| `kind` | string | `Native`, `Contract` | Filter by token kind |
| `name` | string array | — | Filter by token name (partial match) |
| `symbol` | string array | — | Filter by token symbol (partial match) |
| `limit` | integer | 1-100 | Number of results to return |
| `startingAfter` | UUID | — | Pagination cursor |
| `sortBy` | string | `id`, `ledgerId`, `kind`, `name`, `symbol` | Sort field |
| `sortOrder` | string | `Asc`, `Desc` | Sort direction |


## Response example

Each ticker is returned with its canonical payload in `data` and a base64 `signature` over the canonicalised `data` object. The top-level fields outside `data` are duplicates kept for backward compatibility — `id`, `ledgerId`, `name`, `decimals`, and `symbol` are marked `deprecated` in the OpenAPI spec; `kind` and `ledgerDetails` are retained as mirrors. For the full verification procedure, see [Verifying custody signatures](/products/custody/v1.36/overview/security/data-integrity-and-audit-trail#verifying-custody-signatures).

The `signature` covers the canonicalised `data` object only. The duplicate fields at the top level (`id`, `ledgerId`, `kind`, `name`, `decimals`, `symbol`, `ledgerDetails`) are **not** covered by the signature — they could be modified in transit without the signature noticing. Verify the signature against `data` and read all trusted values from `data.*`.


```json
{
  "items": [
    {
      "id": "4773918e-0d63-4a5b-bfd7-1edc664c3b20",
      "ledgerId": "xrpl-testnet",
      "kind": "Native",
      "name": "XRP Testnet",
      "decimals": 6,
      "symbol": "tXRP",
      "ledgerDetails": {
        "properties": { "type": "Native" },
        "type": "XRPL"
      },
      "data": {
        "id": "4773918e-0d63-4a5b-bfd7-1edc664c3b20",
        "ledgerId": "xrpl-testnet",
        "kind": "Native",
        "name": "XRP Testnet",
        "decimals": 6,
        "symbol": "tXRP",
        "ledgerDetails": {
          "properties": { "type": "Native" },
          "type": "XRPL"
        },
        "lock": "Unlocked",
        "metadata": {
          "description": null,
          "revision": 1,
          "createdAt": "2026-04-15T14:38:34.170Z",
          "createdBy": { "id": "00000000-0000-0000-0000-000000000001", "domainId": "00000000-0000-0000-0000-000000000000" },
          "lastModifiedAt": "2026-04-15T14:38:34.170Z",
          "lastModifiedBy": { "id": "00000000-0000-0000-0000-000000000001", "domainId": "00000000-0000-0000-0000-000000000000" },
          "customProperties": {}
        }
      },
      "signature": "MEQCIE7r05J6iEmhbA5bUG3Zs0Gg67/u0W+L6phTvq557ZQGAiAcofyacCgtzbNZddmeEXdh8hgM8NKMI1d3yiIZG764kw=="
    }
  ],
  "count": 1,
  "currentStartingAfter": null,
  "nextStartingAfter": "4773918e-0d63-4a5b-bfd7-1edc664c3b20"
}
```

Use `nextStartingAfter` as the `startingAfter` cursor on a subsequent request to page through results. When the response returns `nextStartingAfter` as `null`, you have reached the end of the list.

## Response fields

Fields at the top level of each item duplicate values inside `data` and are kept for compatibility. `id`, `ledgerId`, `name`, `decimals`, and `symbol` are explicitly marked `deprecated` in the OpenAPI spec; `kind` and `ledgerDetails` are retained alongside their `data.*` counterparts. None of the duplicated top-level fields are covered by `signature` — they must not be used for any decision that depends on response integrity. Verify the signature against `data` (see [Verifying custody signatures](/products/custody/v1.36/overview/security/data-integrity-and-audit-trail#verifying-custody-signatures)) and treat `data.*` as the source of truth.

| Field | Type | Description |
|  --- | --- | --- |
| `data.id` | UUID | Unique token identifier |
| `data.ledgerId` | string | Blockchain network identifier |
| `data.kind` | string | `Native` for native tokens, `Contract` for smart contract tokens |
| `data.name` | string | Token display name |
| `data.symbol` | string | Token ticker symbol |
| `data.decimals` | integer | Decimal precision for the token |
| `data.ledgerDetails` | object | Ledger-specific token properties |
| `data.lock` | string | `Locked`, `Unlocked`, or `Archived` |
| `data.metadata` | object | Entity metadata: `revision`, `createdAt`/`createdBy`, `lastModifiedAt`/`lastModifiedBy`, `customProperties`. |
| `signature` | string | Base64 signature over the canonicalised `data` payload. |


Note: `validationStatus` is a query-parameter filter only — the response items do not include it as a field.

## Get a single token

To retrieve details for a specific token by ID, use the [Get ticker](/products/custody/v1.36/reference/api/openapi/tickers/getticker) operation: `GET /v1/tickers/{tickerId}`.

The response is a single ticker with the same shape as each `items[]` entry in the [list response example](#response-example) above — without the `items` / `count` / `currentStartingAfter` / `nextStartingAfter` envelope.

## Related topics

- [Token Management concepts](/products/custody/v1.36/accounts-and-assets/tokenization/token-management)
- [Allowlist tokens](/products/custody/v1.36/accounts-and-assets/tokenization/token-management/api/allowlist-token)
- [Denylist tokens](/products/custody/v1.36/accounts-and-assets/tokenization/token-management/api/denylist-token)
- [Restore tokens](/products/custody/v1.36/accounts-and-assets/tokenization/token-management/api/restore-token)
- [API reference: List tickers](/products/custody/v1.36/reference/api/openapi/tickers/gettickers)
- [API reference: Get ticker](/products/custody/v1.36/reference/api/openapi/tickers/getticker)