OIDC / OAuth 2.0
Token Introspection
Validate a token and retrieve its metadata. Use this from resource servers to verify caller tokens.
POST
/
api
/
v1
/
oauth
/
introspect
Token Introspection
curl --request POST \
--url https://uat.gateway.verify-group.io/api/v1/oauth/introspect \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"token": "<string>",
"token_type_hint": "<string>"
}
'import requests
url = "https://uat.gateway.verify-group.io/api/v1/oauth/introspect"
payload = {
"token": "<string>",
"token_type_hint": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({token: '<string>', token_type_hint: '<string>'})
};
fetch('https://uat.gateway.verify-group.io/api/v1/oauth/introspect', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://uat.gateway.verify-group.io/api/v1/oauth/introspect",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'token' => '<string>',
'token_type_hint' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://uat.gateway.verify-group.io/api/v1/oauth/introspect"
payload := strings.NewReader("{\n \"token\": \"<string>\",\n \"token_type_hint\": \"<string>\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://uat.gateway.verify-group.io/api/v1/oauth/introspect")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"token\": \"<string>\",\n \"token_type_hint\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://uat.gateway.verify-group.io/api/v1/oauth/introspect")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"token\": \"<string>\",\n \"token_type_hint\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"active": true,
"sub": "<string>",
"client_id": "<string>",
"scope": "<string>",
"exp": 123,
"org_id": "<string>"
}Allows resource servers to verify tokens without decoding JWT secrets.
The access or refresh token to inspect.
Hint:
access_token or refresh_token.Whether the token is valid and not expired.
Subject (user UUID).
Client that requested the token.
Granted scopes.
Expiry timestamp (Unix).
Organisation UUID.
Previous
Token RevocationRevoke an access token or refresh token. Returns 200 even if the token was not found.
Next
⌘I
Token Introspection
curl --request POST \
--url https://uat.gateway.verify-group.io/api/v1/oauth/introspect \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"token": "<string>",
"token_type_hint": "<string>"
}
'import requests
url = "https://uat.gateway.verify-group.io/api/v1/oauth/introspect"
payload = {
"token": "<string>",
"token_type_hint": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({token: '<string>', token_type_hint: '<string>'})
};
fetch('https://uat.gateway.verify-group.io/api/v1/oauth/introspect', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://uat.gateway.verify-group.io/api/v1/oauth/introspect",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'token' => '<string>',
'token_type_hint' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://uat.gateway.verify-group.io/api/v1/oauth/introspect"
payload := strings.NewReader("{\n \"token\": \"<string>\",\n \"token_type_hint\": \"<string>\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://uat.gateway.verify-group.io/api/v1/oauth/introspect")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"token\": \"<string>\",\n \"token_type_hint\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://uat.gateway.verify-group.io/api/v1/oauth/introspect")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"token\": \"<string>\",\n \"token_type_hint\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"active": true,
"sub": "<string>",
"client_id": "<string>",
"scope": "<string>",
"exp": 123,
"org_id": "<string>"
}