Verify & decode an access token

POST /groups/{groupId}/apps/{appId}/users/verify_token
Token auth

Verify a that a user's client access token is valid.

Path parameters

application/json

Body Required

The user's client access token. The access token represents a logged in application user. This is not the same as the access_token that you use to work with the Admin API.

  • token string Required

Responses

  • 200 application/json

    Token is valid or expired.

    One of:
    string-1 string object-2 object

    The token is valid but has expired.

    Value is token expired.
  • 400 application/json

    Bad request

    Hide response attributes Show response attributes object
    • error string

      A message that describes the error.

    • error_code string

      The error type.
  • 401 application/json

    Invalid Session

    Hide response attributes Show response attributes object
    • error string

      A message that describes the error.

      Value is invalid session.

    • error_code string

      The error type.

      Value is InvalidSession.
POST /groups/{groupId}/apps/{appId}/users/verify_token 
curl \
 --request POST 'https://services.cloud.mongodb.com/api/admin/v3.0/groups/{groupId}/apps/{appId}/users/verify_token' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"token":"string"}'
Request examples 
{
  "token": "string"
}
Response examples (200) 
token expired
{
  "sub": "string",
  "aud": "string",
  "exp": 42,
  "iat": 42,
  "iss": "string",
  "custom_user_data": {},
  "domain_id": "string",
  "data": "string",
  "device_id": "string"
}
Response examples (400) 
{
  "error": "string",
  "error_code": "string"
}
Response examples (401) 
{
  "error": "invalid session",
  "error_code": "InvalidSession"
}