Rotating group access token with group token throws 401

I’m trying to write a key rotation script. I’ve want to rotate all keys, including self. However trying to rotate group access key returns { message: '401 Unauthorized' }.

The same logic works with a project token, but I need to have it on the group level so I can update it for other projects as well:

  let gitlab = new Gitlab(gitlabToken);
  const tokens = await gitlab.getGroupAccessTokens(19); // The group with the rotator token
  const key = tokens.find((token: any) => {
    return === 'Rotator' && token.revoked === false;

  const token = await gitlab.rotateGroupAccessToken(19, key); // This returns 401
  gitlab = new Gitlab(token.token);
  const t = await gitlab.updateProjectVariable(682, 'GITLAB_TOKEN', token.token);

Also how to properly query the correct access token? Seems like search api is not helpful and ordering doesn’t work when query access tokens

await this.axios.get(`/groups/${groupId}/access_tokens`, {
      params: {
        pagination: 'keyset',
        per_page: 10, // per page works
        order_by: 'id',
        sort: 'desc', // no difference with asc/desc