Introspect OAuth 2.0 Token

curl --request POST \
  --url https://{cluster}.voucherify.io/v1/oauth/introspect \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'X-App-Id: <api-key>' \
  --header 'X-App-Token: <api-key>' \
  --data access_token=1ABCde2FGHijKl3m4NO5pqR6STUv7wxYzAbc8dE90FgH1IJkLm

{
  "access_token": "1ABCde2FGHijKl3m4NO5pqR6STUv7wxYzAbc8dE90FgH1IJkLm",
  "client_id": "a1Bcdefg2HI3Jkl4m5nOP",
  "expires_at": 1738945086,
  "expires_in": 555,
  "scope": "api",
  "token_type": "Bearer",
  "active": true
}

POST

oauth

introspect

Introspect OAuth 2.0 Token

curl --request POST \
  --url https://{cluster}.voucherify.io/v1/oauth/introspect \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'X-App-Id: <api-key>' \
  --header 'X-App-Token: <api-key>' \
  --data access_token=1ABCde2FGHijKl3m4NO5pqR6STUv7wxYzAbc8dE90FgH1IJkLm

{
  "access_token": "1ABCde2FGHijKl3m4NO5pqR6STUv7wxYzAbc8dE90FgH1IJkLm",
  "client_id": "a1Bcdefg2HI3Jkl4m5nOP",
  "expires_at": 1738945086,
  "expires_in": 555,
  "scope": "api",
  "token_type": "Bearer",
  "active": true
}

Authorizations

X-App-Id

string

header

required

X-App-Token

string

header

required

Body

application/x-www-form-urlencoded

Send the request as x-www-form-urlencoded.

Request body schema for POST /oauth/introspect.

access_token

string

required

An OAuth 2.0 token generated with the API token and key.

Example:

"1ABCde2FGHijKl3m4NO5pqR6STUv7wxYzAbc8dE90FgH1IJkLm"

Response

Returns details about an existing token and its expiration times. If an nonexistent token is sent in the request, the response returns that it is inactive.

Response body schema for POST /oauth/introspect. Details about the OAuth token.

access_token

string

required

The access token used to authorize access to the Voucherify API.

client_id

string

required

Unique client identifier, assigned by Voucherify, for OAuth.

expires_at

integer

required

Timestamp in seconds in the Unix format indicating when the token expires.

expires_in

integer

required

Number of seconds left until the token expires.

scope

string

required

Defines the scope of possible actions that can be done with the OAuth token. The api scope allows using the server-side API. The client_api scope allows using the whole client-side API. Possible values: api, assets, async-actions, campaigns, categories, client_api, client_consents, client_customers, client_events, client_promotions, client_publish, client_qualifications, client_redeem, client_redemptions, client_validate, client_validations, client_vouchers, consents, customers, events, exports, locations, loyalties, metadata-schemas, orders, product-collections, products, promotions, publications, qualifications, redemptions, referrals, rewards, segments, skus, task-results, templates, trash-bin, validation-rules-assignments, validation-rules, validations, vouchers.

token_type

enum<string>

default:Bearer

required

Type of the token. Use the value as the header prefix for authorization.

Available options:

Bearer

active

boolean

required

Determines if the token is active. Nonexistent tokens are also marked as inactive.

Generate OAuth 2.0 Token Revoke OAuth 2.0 Token

⌘I

Endpoints

Events

Introspect OAuth 2.0 Token

Authorizations

Body

Response