How to validate a personal access token

To validate the personal access token claims, you can use the PolyWorks|DataLoop OAuth endpoint: POST https://{Fully qualified domain name}/dataloopcore/identity/connect/introspect.

The endpoint returns a JSON object containing the claims of the personal access token. For example, the "exp" claim contains the token's expiration timestamp in Unix epoch format:

{
    "iss": "https://example.com/dataloopcore/identity",
    "nbf": 1753967670,
    "iat": 1753967670,
    "exp": 1756646070,
    "aud": "DataLoopCoreApi",
    "client_id": "public",
    "sub": "00000000-0000-0000-0000-000000000000",
    "sid": "00000000-0000-0000-0000-000000000000",
    "dataloop_user": "dataloop_user",
    "token_type": "access_token",
    "active": true,
}

It requires an Authorization header using the Basic scheme, and a body with the content type application/x-www-form-urlencoded containing the value token=your personal access token.

POST https://example.com/dataloopcore/identity/connect/introspect
Authorization: Basic cHVibGljOg==

token=your personal access token

📘

Note

cHVibGljOg== is the base64 encoded value of public:

Additional information

Token introspection RFC 7662

JSON Web Token (JWT) Claims RFC 7519