The introspection endpoint can be used to validate reference tokens. validates whether a token has access to the API resource and if the token is active. Authentication at the introspection endpoint occurs using the API resource's secret

Request

Code Block

POST https://idp.coreone.ch/connect/introspect
Authorization: Basic base64({api_resource_name}:{api_resource_secret})
Content-Type: application/x-www-form-urlencoded

token={access_token}&token_type_hint='access_token'

Repsonse

Code

Message

200

Code Block

language	json

{
  "active": "boolean",
  "claims": ["String"],
  "isError": "boolean",
  "Error": "String"
}

400

invalid request

401

unauthorized request

Info
Note: Before working with the response, always check if the `IsError` property is set to make sure the request was successful.

Revocation Endpoint

The revocation endpoint allows the revocation of access and refresh tokens.

...

Version	Old Version 2	New Version 3
Changes made by	Rehan Agarwal	Rehan Agarwal
Saved on	01. May 2024	03. May 2024

Versions Compared

Key

Request

Repsonse

Revocation Endpoint

Page Comparison

Versions Compared

Key

Request

Repsonse

Revocation Endpoint