Introspect Token

🛡️

OAuth 2 Compliant

This endpoint is compliant with the Token Introspection Endpoint specification.

🔐

Client Authentication

This API can only be called by confidential clients (i.e., BACKEND_SERVER and MACHINE_TO_MACHINE client types) and they must supply their client ID and secret in the Authorization header using the Basic Authentication scheme. For example, Authorization: Basic base64Encode(<client_id>:<client_secret>).

API that can be used to introspect the following tokens:

  • Access Token
  • Refresh Token
  • ID Token

Introspection can be used to assert that a token is valid and also extract the claims from the token. Typically, for performance benefits, token validation should be done locally instead of calling the Token Introspection Endpoint. However, in some cases it may be more convenient to call the Token Introspection Endpoint.

Language
Credentials
Basic
base64
:
URL
Click Try It! to start a request and see the response here!