# 1. Verify access token API using Basic Authentication

As shown in the diagram in [Figure 9](https://docs.uaepass.ae/feature-guides/authentication/token-validation-api/introduction), the resource server (SP) needs to obtain the access token before it can verify the client app's token. The API details for obtaining the token are given below:

### cURL Request for Token Generation Call

```
curl --location --request POST 'https://stg-id.uaepass.ae/idshub/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
--header 'Authorization: Basic <<Basic auth credentials>>' \
--header 'Cookie: NSC_EJE_TUBH_USVTUY_MC_8082=ffffffffaf1a571d45525d5f4f58455e445a4a4229a2' \
--data-urlencode 'token=<<Token to introspect>>'
```

## API detail to verify the Token

<mark style="color:green;">`POST`</mark> `https://stg-id.uaepass.ae/idshub/introspect`

#### Path Parameters

| Name  | Type  | Description                          |
| ----- | ----- | ------------------------------------ |
| token | query | Access token of Client App to verify |

#### Headers

| Name          | Type   | Description                                      |
| ------------- | ------ | ------------------------------------------------ |
| Content-Type  | string | application/x-www-form-urlencoded; charset=UTF-8 |
| Authorization | string | Basic {**base64 format of client credentials**}  |

{% tabs %}
{% tab title="400: Bad Request Invalid token response" %}

```json
{
  "active": false
}
```

{% endtab %}

{% tab title="200: OK Valid token response" %}

```json
{
    "sub": "sample_web_stage",
    "nbf": 1633262176,
    "scope": "internal_application_mgt_view",
    "iss": "https://qa-ids.uaepass.ae:443/oauth2/token",
    "client_claims": {
        "sub": "sample_web_stage",
        "acr": "",
        "domain": "urn:safelayer:eidas:domain:oauth:client",
        "amr": "",
        "distinguished_name": "Sample Web Application",
        "name": "Sample Web Application"
    },
    "active": true,
    "token_type": "Bearer",
    "exp": 1633265776,
    "iat": 1633262176,
    "client_id": "sample_web_stage",
    "username": "admin@carbon.super"
}
```

{% endtab %}
{% endtabs %}

**Response Parameter Details:**

| Name            | Description                                                                                                                                                                   |
| --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| active          | True if the token is valid (issued by TrustedX and not expired); false otherwise. When this property is false, it is the only property in the response.                       |
| token\_type     | Type of access token. Always has the “Bearer” value.                                                                                                                          |
| scope           | Scopes associated with the access token, separated by spaces.                                                                                                                 |
| exp             | When the token expires, expressed as the number of seconds from 1 January 1970 (UTC).                                                                                         |
| iat             | When the token was issued, expressed as the number of seconds from 1 January 1970 (UTC).                                                                                      |
| iss             | Token issuer.                                                                                                                                                                 |
| client\_id      | Client identifier of the OAuth 2.0 application registered in UAE PASS for which the token was issued.                                                                         |
| client\_claims  | Attributes of the client application and information on how it was authenticated by UAE PASS.                                                                                 |
| sub             | User identifier.                                                                                                                                                              |
| user\_claims    | Claims of the user.                                                                                                                                                           |
| times\_verified | Number of times that the token has previously been verified, not including the current verification. The first time a token is verified, this field takes the value of 0.    |
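
The following is an added example, not part of the UAE PASS documentation: a sketch of how a resource server could build the introspection request described above and decide, failing closed, whether to accept the response. The function names, the `skew` parameter, the expected-issuer argument and the plain `client_id:client_secret` Basic encoding are assumptions of this example.

```python
import base64
import time
from urllib.parse import urlencode

# Staging endpoint shown on this page.
INTROSPECT_URL = "https://stg-id.uaepass.ae/idshub/introspect"

def build_introspect_request(client_id, client_secret, token):
    """Return (url, headers, body) for the introspection POST."""
    # Assumption: standard HTTP Basic, base64("client_id:client_secret").
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "Authorization": f"Basic {creds}",
    }
    return INTROSPECT_URL, headers, urlencode({"token": token})

def evaluate_introspection(resp, required_scope, expected_issuer, now=None, skew=30):
    """Decide whether to accept the token; returns (allowed, reason). Fails closed."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:  # the string "false" must not pass
        return False, "inactive"
    if resp.get("token_type") != "Bearer":
        return False, "token_type"
    if resp.get("iss") != expected_issuer:
        return False, "issuer"
    exp, nbf = resp.get("exp"), resp.get("nbf", 0)
    if not isinstance(exp, int) or now >= exp:
        return False, "expired"
    if not isinstance(nbf, int) or now + skew < nbf:
        return False, "not_yet_valid"
    # Scopes are space separated: compare whole values, never substrings.
    if required_scope not in str(resp.get("scope", "")).split():
        return False, "scope"
    return True, "ok"

# Valid-token response copied from this page (trimmed to the fields checked).
SAMPLE = {
    "active": True, "token_type": "Bearer",
    "scope": "internal_application_mgt_view",
    "iss": "https://qa-ids.uaepass.ae:443/oauth2/token",
    "nbf": 1633262176, "iat": 1633262176, "exp": 1633265776,
    "client_id": "sample_web_stage",
}

if __name__ == "__main__":
    print(evaluate_introspection(SAMPLE, "internal_application_mgt_view",
                                 SAMPLE["iss"], now=1633262200))
```

Re-checking `exp` and `nbf` locally matters mainly when the resource server caches introspection results instead of calling the endpoint on every request.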
