The Introspection endpoint allows you to validate and obtain information about an access token issued by Stafbook Auth. This endpoint enables you to verify the authenticity and validity of an access token, ensuring secure communication with Stafbook services. The Introspection endpoint supports the HTTP POST method.



Token Introspection

Request Body




The access token to be introspected.

  "active": true,
  "iat": {
    "date": "2023-07-13 12:58:45.000000",
    "timezone_type": 1,
    "timezone": "+00:00"
  "nbf": {
    "date": "2023-07-13 12:58:45.000000",
    "timezone_type": 1,
    "timezone": "+00:00"
  "exp": {
    "date": "2024-07-13 12:58:45.000000",
    "timezone_type": 1,
    "timezone": "+00:00"
  "iss": "",
  "aud": [
  "sub": "99a2fcf2-7811-4563-a4ca-caad51556385",
  "scs": [

In this updated response, we have included the following additional fields:

iat: The issued-at timestamp indicates when the token was generated.
nbf: The not-before timestamp indicates the time before which the token is not valid.
iss: The issuer identifies the entity that issued the access token.
aud: The audience represents the intended recipients or target applications for the access token.
sub: The subject identifies the user or entity associated with the access token.
scs: The scopes represent the permissions or access rights granted to the access token.

These fields provide more information about the access token and its associated metadata, allowing you to further validate and utilize the token within your application.

Please note that the Introspection endpoint is currently the only available public endpoint in the Stafbook Auth API. Refer to this documentation for any updates on additional endpoints or functionality.

Using the Introspection endpoint, you can validate access tokens and obtain important information associated with them, ensuring secure authentication and authorization with Stafbook services.

Last updated