🛡️
OAuth 2 Compliant
This endpoint is compliant with the Token Introspection Endpoint specification.

🔐
Client Authentication
This API can only be called by confidential clients (i.e., BACKEND_SERVER and MACHINE_TO_MACHINE client types) and they must supply their client ID and secret in the Authorization header using the Basic Authentication scheme. For example, Authorization: Basic base64Encode(<client_id>:<client_secret>).

This API can be used to introspect the following tokens:

Access Token
Refresh Token
ID Token

Introspection can be used to verify that a token is valid and to extract its claims. However, for performance benefits, token validation should be performed locally rather than calling this API.

200OK

400Bad Request

401Unauthorized

405Method Not Allowed

406Not Acceptable

415Unsupported Media Type

500Internal Server Error

503Service Unavailable