diff --git a/API.md b/API.md
index 0abd0e8..78b3d6d 100644
--- a/API.md
+++ b/API.md
@@ -40,18 +40,24 @@ Enter host password for user 'jdoe':
 
 ##### GET /token/&lt;token&gt;
 
-Get information about an existing token.
+Get information about an existing token (including associated VMs).
 
 ```
-$ curl -u jdoe --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
-Enter host password for user 'jdoe':
+$ curl --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
 ```
 ```json
 {
   "ok": true,
   "utpg2i2xswor6h8ttjhu3d47z53yy47y": {
     "user": "jdoe",
-    "timestamp": "2015-04-28 19:17:47 -0700"
+    "created": "2015-04-28 19:17:47 -0700",
+    "last": "2015-11-04 12:28:37 -0700",
+    "vms": {
+      "running": [
+        "dqs4914g2wjyy5w",
+        "hul7ib0ssr0f4o0"
+      ]
+    }
   }
 }
 ```
diff --git a/lib/vmpooler/api/v1.rb b/lib/vmpooler/api/v1.rb
index 33a55fa..3cbbdd0 100644
--- a/lib/vmpooler/api/v1.rb
+++ b/lib/vmpooler/api/v1.rb
@@ -201,17 +201,22 @@ module Vmpooler
       result = { 'ok' => false }
 
       if Vmpooler::API.settings.config[:auth]
-        status 401
-
-        need_auth!
-
         token = backend.hgetall('vmpooler__token__' + params[:token])
 
         if not token.nil? and not token.empty?
           status 200
+
+          pools.each do |pool|
+            backend.smembers('vmpooler__running__' + pool['name']).each do |vm|
+              if backend.hget('vmpooler__vm__' + vm, 'token:token') == params[:token]
+                token['vms'] ||= {}
+                token['vms']['running'] ||= []
+                token['vms']['running'].push(vm)
+              end
+            end
+          end
+
           result = { 'ok' => true, params[:token] => token }
-        else
-          status 404
         end
       end
 
diff --git a/spec/vmpooler/api/v1_spec.rb b/spec/vmpooler/api/v1_spec.rb
index 5f7643a..acb57a7 100644
--- a/spec/vmpooler/api/v1_spec.rb
+++ b/spec/vmpooler/api/v1_spec.rb
@@ -120,24 +120,23 @@ describe Vmpooler::API::V1 do
       end
 
       context '(auth configured)' do
-        before do
-          allow(redis).to receive(:hgetall).and_return 'atoken'
-        end
+        let(:config) { {
+          auth: true,
+          pools: [
+            {'name' => 'pool1', 'size' => 5}
+          ]
+        } }
 
-        let(:config) { { auth: true } }
-
-        it 'returns a 401 if not authed' do
-          get "#{prefix}/token/this"
-
-          expect_json(ok = false, http = 401)
-        end
-
-        it 'returns a token if authed' do
-          authorize 'admin', 's3cr3t'
+        it 'returns a token' do
+          expect(redis).to receive(:hgetall).with('vmpooler__token__this').and_return({'user' => 'admin'})
+          expect(redis).to receive(:smembers).with('vmpooler__running__pool1').and_return(['vmhostname'])
+          expect(redis).to receive(:hget).with('vmpooler__vm__vmhostname', 'token:token').and_return('this')
 
           get "#{prefix}/token/this"
 
-          expect(last_response.body).to include('"this": "atoken"')
+          expect(JSON.parse(last_response.body)['ok']).to eq(true)
+          expect(JSON.parse(last_response.body)['this']['user']).to eq('admin')
+          expect(JSON.parse(last_response.body)['this']['vms']['running']).to include('vmhostname')
 
           expect_json(ok = true, http = 200)
         end