Introspect Token


🛡️

OAuth 2 Compliant

This endpoint is compliant with the Token Introspection Endpoint specification.

🔐

Client Authentication

This API can only be called by confidential clients (i.e., BACKEND_SERVER and MACHINE_TO_MACHINE client types) and they must supply their client ID and secret in the Authorization header using the Basic Authentication scheme. For example, Authorization: Basic base64Encode(<client_id>:<client_secret>).

This API can be used to introspect the following tokens:

  • Access Token
  • Refresh Token
  • ID Token

Introspection can be used to verify that a token is valid and to extract its claims. However, for performance benefits, token validation should be performed locally rather than calling this API.

Language
Credentials
Basic
base64
:
URL
Click Try It! to start a request and see the response here!