> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Introspect Token

> Examine and introspect a token for a Connected Apps client.

export const projectDomain_0 = undefined

Examine and introspect a token for the given Connected Apps client. All standard OIDC claims, as well as custom claims, will be returned.

The active status can be used to determine if the token is active.

This endpoint supports both [access tokens](/api-reference/consumer/api/connected-apps/exchange-authorization-code) and [refresh tokens](/api-reference/consumer/api/connected-apps/exchange-authorization-code#refresh-token).

This endpoint is an [RFC-7662](https://datatracker.ietf.org/doc/html/rfc7662) compliant token introspection endpoint.

* This endpoint supports passing the `client_id` and `client_secret` within the request body as well as within a [HTTP-Basic Auth](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1) header.
* This endpoint supports the `application/x-www-form-urlencoded` content type.

<Info>
  We recommend using the [Custom Domain](/connected-apps/resources/custom-domains) whenever possible. For backwards compatibility reasons, this endpoint is also available at `https://test.stytch.com/v1/public/${projectId}/oauth2/introspect`.
</Info>

## Body

<ParamField body="token" type="string" required>
  The token to introspect.
</ParamField>

<ParamField body="token_type_hint" type="string" required>
  A hint for the type of the token. Possible values are `access_token` and `refresh_token`.
</ParamField>

<ParamField body="client_id" type="string" required>
  The ID of the Connected App client.
</ParamField>

<ParamField body="client_secret" type="string">
  The secret of the Connected App client. **Required for confidential clients**
</ParamField>

## Response

<ResponseField name="active" type="boolean">
  Whether the token is active.
</ResponseField>

<ResponseField name="scope" type="string">
  The scopes granted to the token.
</ResponseField>

<ResponseField name="client_id" type="string">
  The ID of the Connected App client.
</ResponseField>

<ResponseField name="token_type" type="string">
  The type of the token. Possible values are `access_token` and `refresh_token`.
</ResponseField>

<ResponseField name="exp" type="number">
  The expiration time of the token, expressed as a Unix timestamp.
</ResponseField>

<ResponseField name="iat" type="number">
  The time at which the token was issued, expressed as a Unix timestamp.
</ResponseField>

<ResponseField name="sub" type="string">
  The subject of the token. This is a unique identifier for the user.
</ResponseField>

<ResponseField name="iss" type="string">
  The issuer of the token. This is the domain of your project, e.g. https\://\${projectDomain_0} by default, or stytch.com/PROJECT\_ID if the token was retrieved using the stytch.com domain. See the [Custom Domain](/connected-apps/resources/custom-domains) guide for more information.
</ResponseField>

<ResponseField name="aud" type="string">
  The audience (`client_id`) that the token is intended for. Additional custom audiences can be defined for the token by setting the `access_token_custom_audience` parameter on the client object.
</ResponseField>

<ResponseField name="request_id" type="string">
  Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we
  may ask for this value to help identify a specific API call when helping you debug an issue.
</ResponseField>

<ResponseField name="status_code" type="number">
  The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values
  equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
</ResponseField>

<Panel>
  <RequestExample>
    ```js Node SDK theme={null}
    const stytch = require('stytch');

    const client = new stytch.B2BClient({
      project_id: '${projectId}',
      secret: '${secret}',
      custom_base_url: '${projectDomain}',
    });

    const params = {
      token: 'eyJ...',
      client_id: '${exampleConnectedAppClientID}',
      client_secret: '${exampleConnectedAppClientSecret}',
      token_type_hint: 'access_token',
    };

    const options = {
      authorization_check: {
        organization_id: '${organizationId}',
        resource_id: 'documents',
        action: 'create',
      },
    };

    client.idp
      .introspectTokenNetwork(params, options)
      .then((resp) => {
        console.log(resp);
      })
      .catch((err) => {
        console.log(err);
      });

    ```

    ```go Go SDK theme={null}
    package main

    import (
    	"context"
    	"log"

    	"github.com/stytchauth/stytch-go/v16/stytch/b2b/b2bstytchapi"
    	"github.com/stytchauth/stytch-go/v16/stytch/b2b/idp"
    )

    func main() {
    	client, err := b2bstytchapi.NewClient(
    		"${projectId}",
    		"${secret}",
    		b2bstytchapi.WithBaseURI("${projectDomain}"),
    	)
    	if err != nil {
    		log.Fatalf("error instantiating client: %v", err)
    	}

    	_, err = client.IDP.IntrospectTokenNetwork(context.Background(), &idp.IntrospectTokenNetworkParams{
    		Token:        "eyJ...",
    		ClientID:     "${exampleConnectedAppClientID}",
    		ClientSecret: "${exampleConnectedAppClientSecret}",
    	})
    	if err != nil {
    		log.Fatalf("error in method call: %v", err)
    	}
    }
    ```

    ```python Python SDK theme={null}
    from stytch import B2BClient
    from stytch.b2b.models.sessions import AuthorizationCheck

    client = B2BClient(
        project_id="${projectId}",
        secret="${secret}",
        custom_base_url="${projectDomain}",
    )

    resp = client.idp.introspect_token_network(
        token="eyJ...",
        client_id="${exampleConnectedAppClientID}",
        client_secret="${exampleConnectedAppClientSecret}",
        token_type_hint="access_token",
        authorization_check=AuthorizationCheck(
          organization_id='${organizationId}',
          resource_id='documents',
          action='create'
        ),
    )

    print(resp)

    ```

    ```ruby Ruby SDK theme={null}
    require 'stytch'

    client = StytchB2B::Client.new(
      project_id: '${projectId}',
      secret: '${secret}',
      custom_base_url: '${projectDomain}',
    )

    resp = client.idp.introspect_token_network(
        token="eyJ...",
    )

    print(resp)

    ```

    ```curl cURL theme={null}
    curl --request POST \
      --url https://${projectDomain}/v1/oauth2/introspect \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      -d 'client_id=${exampleConnectedAppClientID} \
        &client_secret=${exampleConnectedAppClientSecret} \
        &token=eyJ...'

    ```
  </RequestExample>

  <ResponseExample>
    ```json 200 theme={null}
    {
      "active": true,
      "aud": ["PROJECT_ID"],
      "client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
      "exp": 1738848103,
      "iat": 1738844503,
      "iss": "https://${projectDomain}",
      "scope": "openid email profile",
      "sub": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
      "token_type": "access_token",
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "status_code": 200
    }
    ```

    ```json 200 Inactive Token theme={null}
    {
      "active": false,
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "status_code": 200
    }
    ```

    ```json 404 theme={null}
    {
      "status_code": 404,
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "error_type": "idp_client_not_found",
      "error_message": "The IDP client requested could not be found.",
      "error_url": "https://stytch.com/docs/api/errors/404"
    }
    ```

    ```json 429 theme={null}
    {
      "status_code": 429,
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "error_type": "too_many_requests",
      "error_message": "Too many requests have been made.",
      "error_url": "https://stytch.com/docs/api/errors/429"
    }
    ```

    ```json 500 theme={null}
    {
      "status_code": 500,
      "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
      "error_type": "internal_server_error",
      "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
      "error_url": "https://stytch.com/docs/api/errors/500"
    }
    ```
  </ResponseExample>
</Panel>
