Introspect an access token

Introspect an OAuth 2.0 access or refresh token using an OAuth 2.0 client ID/secret pair. Note: there is a know issue for this endpoint, whereby the expiry for refresh tokens in the response is incorrect. However, expired refresh tokens will still return a response with active: false.

application/x-www-form-urlencoded

Request Body

• token string required
• token_type_hint string

  Possible values: [access_token, refresh_token, authorize_code, id_token]

• scope string

  List of OAuth2 scopes, delimited with spaces.

Responses

• 200
• 400

---

OK

application/json

• Schema
• Example (from schema)

---

Schema

• active boolean

  Whether the token is active. False for invalid and expired tokens, and tokens that are not granted the scopes specified in the request.

• client_id string

  The client ID used to create this token. Only included if active is true.

• exp integer

  The expiration timestamp of the token. Only included if active is true.

• iat integer

  The timestamp when the token was issued. Only included if active is true.

• scope string

  The scope granted to the token. Only included if active is true.

{
  "active": true,
  "client_id": "string",
  "exp": 0,
  "iat": 0,
  "scope": "string"
}

Bad Request

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}