diff --git a/API.md b/API.md
index 0abd0e8..b3aa0e8 100644
--- a/API.md
+++ b/API.md
@@ -40,7 +40,7 @@ Enter host password for user 'jdoe':
 
 ##### GET /token/&lt;token&gt;
 
-Get information about an existing token.
+Get information about an existing token (including associated VMs).
 
 ```
 $ curl -u jdoe --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
@@ -51,7 +51,14 @@ Enter host password for user 'jdoe':
   "ok": true,
   "utpg2i2xswor6h8ttjhu3d47z53yy47y": {
     "user": "jdoe",
-    "timestamp": "2015-04-28 19:17:47 -0700"
+    "created": "2015-04-28 19:17:47 -0700",
+    "last": "2015-11-04 12:28:37 -0700",
+    "vms": {
+      "running": [
+        "dqs4914g2wjyy5w",
+        "hul7ib0ssr0f4o0"
+      ]
+    }
   }
 }
 ```
diff --git a/lib/vmpooler/api/v1.rb b/lib/vmpooler/api/v1.rb
index 33a55fa..e0a99b0 100644
--- a/lib/vmpooler/api/v1.rb
+++ b/lib/vmpooler/api/v1.rb
@@ -209,6 +209,17 @@ module Vmpooler
 
         if not token.nil? and not token.empty?
           status 200
+
+          pools.each do |pool|
+            backend.smembers('vmpooler__running__' + pool['name']).each do |vm|
+              if backend.hget('vmpooler__vm__' + vm, 'token:token') == params[:token]
+                token['vms'] ||= {}
+                token['vms']['running'] ||= []
+                token['vms']['running'].push(vm)
+              end
+            end
+          end
+
           result = { 'ok' => true, params[:token] => token }
         else
           status 404
diff --git a/spec/vmpooler/api/v1_spec.rb b/spec/vmpooler/api/v1_spec.rb
index 5f7643a..bfef681 100644
--- a/spec/vmpooler/api/v1_spec.rb
+++ b/spec/vmpooler/api/v1_spec.rb
@@ -120,11 +120,12 @@ describe Vmpooler::API::V1 do
       end
 
       context '(auth configured)' do
-        before do
-          allow(redis).to receive(:hgetall).and_return 'atoken'
-        end
-
-        let(:config) { { auth: true } }
+        let(:config) { {
+          auth: true,
+          pools: [
+            {'name' => 'pool1', 'size' => 5}
+          ]
+        } }
 
         it 'returns a 401 if not authed' do
           get "#{prefix}/token/this"
@@ -133,11 +134,17 @@ describe Vmpooler::API::V1 do
         end
 
         it 'returns a token if authed' do
+          expect(redis).to receive(:hgetall).with('vmpooler__token__this').and_return({'user' => 'admin'})
+          expect(redis).to receive(:smembers).with('vmpooler__running__pool1').and_return(['vmhostname'])
+          expect(redis).to receive(:hget).with('vmpooler__vm__vmhostname', 'token:token').and_return('this')
+
           authorize 'admin', 's3cr3t'
 
           get "#{prefix}/token/this"
 
-          expect(last_response.body).to include('"this": "atoken"')
+          expect(JSON.parse(last_response.body)['ok']).to eq(true)
+          expect(JSON.parse(last_response.body)['this']['user']).to eq('admin')
+          expect(JSON.parse(last_response.body)['this']['vms']['running']).to include('vmhostname')
 
           expect_json(ok = true, http = 200)
         end