POST https://{application_vanity_domain}/api/v1/oauth2/introspect
OAuth 2 Compliant: This endpoint is compliant with the Token Introspection Endpoint specification.
Client Authentication: This API can only be called by confidential clients (i.e., BACKEND_SERVER and MACHINE_TO_MACHINE client types), and they must supply their client ID and secret in the Authorization header using the Basic Authentication scheme. For example, Authorization: Basic base64Encode(<client_id>:<client_secret>).
This API can be used to introspect the following tokens:
- Access Token
- Refresh Token
- ID Token
Introspection can be used to verify that a token is valid and to extract its claims. However, for better performance, validate tokens locally rather than calling this API.
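The sketch below shows how a confidential client could build the introspection request described above and interpret the reply. It is an added example, not code from this API's documentation. It assumes the `token` and `token_type_hint` form fields and the `active` response member defined by RFC 7662; the hostname and credentials are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder vanity domain, constructed for this example.
INTROSPECT_URL = "https://app.example.com/api/v1/oauth2/introspect"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the header value: Basic base64(<client_id>:<client_secret>)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_introspection_request(token, client_id, client_secret, hint=None):
    """Prepare (but do not send) the POST request for one token.

    The form fields `token` and `token_type_hint` are taken from RFC 7662
    (assumption: this endpoint accepts them as the RFC defines).
    """
    fields = {"token": token}
    if hint:
        fields["token_type_hint"] = hint
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        INTROSPECT_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def is_token_active(response_body: bytes) -> bool:
    """Fail closed: accept only a JSON object whose `active` is literally true."""
    try:
        doc = json.loads(response_body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return False
    return isinstance(doc, dict) and doc.get("active") is True
```

Pass the prepared request to `urllib.request.urlopen` over TLS and feed the response bytes to `is_token_active`; keep the client secret in a secrets store on the backend, never in browser or mobile code.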