Verify Token

GET 
/auth/v1/token/introspect

API Description

Verify if the token is valid. If the token is valid, it returns the token information (token_type, client_id, sub, scope, etc.)

Input Requirements:

• Authorization: Current logged-in user's access_token (required, passed in request header, format Bearer xxx)
• client_id: Client ID corresponding to the application (optional, defaults to environment ID)
• x-device-id: Device ID (optional, current logged-in device ID)

Prerequisites:

• Need valid access_token
• Token is not expired and not revoked

Output:

• If token is valid, returns token information (token_type, client_id, sub, scope, etc.)
• If token is invalid, returns empty object

Verify Token Request Example

GET /auth/v1/token/introspect
Authorization: Bearer your_access_token
x-device-id: device_123456

Verify Token Response Example (Token Valid)

{
  "token_type": "Bearer",
  "client_id": "demo-app-2f8a9c3e1b4d",
  "sub": "9876543210123456789",
  "scope": "user sso"
}

Verify Token Response Example (Token Invalid)

{}

Usage Scenarios:

• Client needs to verify if token is still valid
• Perform token validity check before sensitive operations
• Verify current token status when implementing token auto-refresh mechanism

Notes:

• This API does not refresh token, only verifies current token validity
• If token is expired or revoked, returns empty object
• Recommend implementing token auto-refresh mechanism on client to avoid frequent calls to this API

Request

Responses

200

A successful response.

Response Headers

500

An unexpected error response.

Response Headers