Introspect Token

post https://{application_vanity_domain}/api/v1/oauth2/introspect

🛡️
OAuth 2 Compliant
This endpoint is compliant with the Token Introspection Endpoint specification.

🔐
Client Authentication
This API can only be called by confidential clients (i.e., BACKEND_SERVER and MACHINE_TO_MACHINE client types) and they must supply their client ID and secret in the Authorization header using the Basic Authentication scheme. For example, Authorization: Basic base64Encode(<client_id>:<client_secret>).

API that can be used to introspect the following tokens:

Access Token
Refresh Token
ID Token

Introspection can be used to assert that a token is valid and also extract the claims from the token. Typically, for performance benefits, token validation should be done locally instead of calling the Token Introspection Endpoint. However, in some cases it may be more convenient to call the Token Introspection Endpoint.

Language

Credentials

Basic

base64

URL

Click Try It! to start a request and see the response here!

Introspect Token

🛡️
OAuth 2 Compliant

🔐
Client Authentication