[{"label":"Latest (v1.0)","version":"latest"}]
csp

Get Token Introspection Details

Description

The call is protected by HTTP Basic authentication with client_id and client_secret. Note: when using Public OAuth clients, Authorization is required using the format ‘Basic Base64_Encode(client_id:)’ with empty client_secret. This endpoint follows the token introspection specifications defined in https://tools.ietf.org/html/rfc7662. Only introspection of refresh tokens is supported. Include the parameter using application/x-www-form-urlencoded format in the HTTP request body.

Access Policy

Role User Accounts Service Accounts (Client Credentials Applications)
Anonymous ✔️ ✔️

Request

Request

URL

URL


post
https://{api_host}/csp/gateway/am/api/auth/introspect
Copy

Header Parameters

Header Parameters

string
authorization Required

Basic auth with client credentials [Basic Base64_Encode(client_id:client_secret)] Note: when using Public OAuth clients, Authorization is required using the format ‘Basic Base64_Encode(client_id:)’ with empty client_secret.

Parameter Serialization Style: simple Explode:false

Request Body

Request Body

GetTokenIntrospectionDetails of mimetype application/x-www-form-urlencoded Optional

The application/x-www-form-urlencoded form data type.

{
	"token": "string"
}
string
token Required

The token to be introspected.

Authentication

Authentication

This operation uses the following authentication methods.

Response

Response

Response Body

Response Body

200 OK

Returns TokenIntrospectionResponse of type application/json

JSON object representing the refresh token’s information. The ‘active’ top-level member will indicate whether or not the presented token is currently active. If active, additional members will be present in the response.

{
	"active": false,
	"exp": 0,
	"iat": 0,
	"orgId": "string",
	"sub": "string",
	"token_type": "string"
}
boolean
active Optional

Indicator of whether or not the presented token is currently active.


integer as int64
exp Optional

The timestamp the token expires at (measured in number of seconds since 1/1/1970 UTC).


integer as int64
iat Optional

The timestamp the token was created at (measured in number of seconds since 1/1/1970 UTC).


string
orgId Optional

Unique identifier (GUID) of the organization.


string
sub Optional

The unique identifier of the user, on behalf of which the token was issued.


string
token_type Optional

The type of the token.

Errors

Errors

400

Authorization header must be specified | Invalid authorization header. Missing “Basic” prefix | Invalid authorization header | Bad Request - Client ID in path doesn’t match the Client ID in the Basic Authorization Header.


404

The requested resource could not be found


409

The request could not be processed due to a conflict


429

The user has sent too many requests


500

An unexpected error has occurred while processing the request

Code Samples

Code Samples

PowerCLI Client SDK Example

Invoke-GetTokenIntrospectionDetailsUsingPOST -Authorization "MyAuthorization" -Token "MyToken"

cURL Command

curl -X POST -H "authorization: string" -H "Content-Type: application/x-www-form-urlencoded" -d '{"token":"string"}' https://{api_host}/csp/gateway/am/api/auth/introspect
Vendor Extensions

Vendor Extensions

This operation contains the following vendor extensions defined in the spec:
x-required-roles: ""
x-slo-tier: TIER2


Feedback

Was this page helpful?