# Verify & decode an access token

**POST /groups/{groupId}/apps/{appId}/users/verify_token**

Verify a that a user's client access token is valid.


## Servers
- The root API resource and starting point for the App Services API.: https://services.cloud.mongodb.com/api/admin/v3.0 (The root API resource and starting point for the App Services API.)


## Authentication methods
- Token auth


## Parameters

### Path parameters
- **groupId** (string)
  An Atlas [Project/Group
  ID](https://docs.atlas.mongodb.com/tutorial/manage-projects/).
- **appId** (string)
  The ObjectID of your application.
  [The App Services API Project and Application IDs section](#section/Project-and-Application-IDs) demonstrates how to find this
  value.


### Body: application/json (object)
The user's client access token. The access token represents a logged in application user. This is not the same as the
[``access_token``](https://www.mongodb.com/zh-cn/docs/atlas/app-services/admin/api/v3/#section/Get-Authentication-Tokens)
that you use to work with the Admin API.
- **token** (string)



## Responses
### 200
Token is valid or expired.

#### Body: application/json (string)
string
### 400
Bad request

#### Body: application/json (object)
- **error** (string)
  A message that describes the error.
- **error_code** (string)
  The error type.

### 401
Invalid Session

#### Body: application/json (object)
- **error** (string)
  A message that describes the error.
- **error_code** (string)
  The error type.


[Powered by Bump.sh](https://bump.sh)