Check whether the session behind an access token is still valid.
const url = 'https://connect-api.sudomimus.com/introspect';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"accessToken":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://connect-api.sudomimus.com/introspect \ --header 'Content-Type: application/json' \ --data '{ "accessToken": "example" }'Returns the revocation status of the refresh token (session) that the
supplied access token descends from. Intended for strict applications
that want near-real-time revocation: validate the access token offline
as usual, then call this endpoint — caching the result for at least
recommendedRecheckSeconds — to decide whether to keep trusting it.
The access token is self-authenticating: its signature is verified against the issuing application’s public key, so no client-auth JWT is required. The access token’s own expiry is NOT enforced here; the answer describes the underlying session, not the access token’s freshness.
Request Body required
Section titled “Request Body required ”object
A Sudomimus-issued access token (JWT). Its signature is verified; its own expiry is not enforced.
Example generated
{ "accessToken": "example"}Responses
Section titled “ Responses ”Status of the session behind the access token.
object
Revocation state of the session behind the access token. not_found
covers an unknown session or one belonging to a different application.
Suggested minimum number of seconds to cache this result before re-checking.
Example
{ "status": "active"}Access token missing, malformed, or with an invalid signature.
Error response body. The Connect service emits { "reason": "<SymbolDescription>" }
for known failure modes. When the reason symbol’s description begins with
PRIVATE, the body is empty (zero bytes) and only the HTTP status carries
signal — both reason and the body itself are absent in that case.
object
Stable machine-readable reason code.
Example generated
{ "reason": "example"}default
Section titled “default ”Error response.
Error response body. The Connect service emits { "reason": "<SymbolDescription>" }
for known failure modes. When the reason symbol’s description begins with
PRIVATE, the body is empty (zero bytes) and only the HTTP status carries
signal — both reason and the body itself are absent in that case.
object
Stable machine-readable reason code.
Example generated
{ "reason": "example"}