Skip to main content

Verify Token

GET 
/auth/v1/token/introspect

API Description

Verify if the token is valid. If the token is valid, it returns the token information (token_type, client_id, sub, scope, etc.)

Input Requirements:

  • Authorization: Current logged-in user's access_token (required, passed in request header, format Bearer xxx)
  • client_id: Client ID corresponding to the application (optional, defaults to environment ID)
  • x-device-id: Device ID (optional, current logged-in device ID)

Prerequisites:

  • Need valid access_token
  • Token is not expired and not revoked

Output:

  • If token is valid, returns token information (token_type, client_id, sub, scope, etc.)
  • If token is invalid, returns empty object

Verify Token Request Example

GET /auth/v1/token/introspect
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ
x-device-id: device_123456

Verify Token Response Example (Token Valid)

{
  "token_type": "Bearer",
  "client_id": "demo-app-2f8a9c3e1b4d",
  "sub": "9876543210123456789",
  "scope": "user sso"
}

Verify Token Response Example (Token Invalid)

{}

Usage Scenarios:

  • Client needs to verify if token is still valid
  • Perform token validity check before sensitive operations
  • Verify current token status when implementing token auto-refresh mechanism

Notes:

  • This API does not refresh token, only verifies current token validity
  • If token is expired or revoked, returns empty object
  • Recommend implementing token auto-refresh mechanism on client to avoid frequent calls to this API

Request

Query Parameters

    client_id string

    Client ID corresponding to the application, can be obtained from Cloud Development Platform -> Identity Authentication -> Development Settings. Defaults to environment ID, can be omitted

Header Parameters

    x-device-id string

    Device ID, the ID of the current logged-in device. The client should generate it randomly and cache it on the client. This parameter is related to the number of logged-in accounts.

    Authorization stringrequired

    The user's access_token, format is Bearer xxx

    Example: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ

Body

    any

Responses

A successful response.

Response Headers
    Schema
      token_type string

      Token type

      client_id string

      Client ID of the application the token belongs to

      sub string

      User ID the token belongs to

      scope string

      Allowed scope of the token

    Loading...