© 2018 Capita Business Services Ltd. All rights reserved.

Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.

Access Token Validation Endpoint

The access token validation endpoint can be used to validate self-contained JWTs if the consumer does not have support for appropriate JWT or cryptographic libraries.

You can either GET or POST to the validation endpoint. Due to query string size restrictions, POST is recommended.

Example

POST /connect/accesstokenvalidation

token=<token>

or

GET /connect/accesstokenvalidation?token=<token>

A successful response will return a status code of 200 and the associated claims for the token. An unsuccessful response will return a 400 with an error message.

It is also possible to pass a scope that is expected to be inside the token:

POST /connect/accesstokenvalidation

token=<token>&
expectedScope=partner

Whilst this endpoint can be used to validate reference tokens, we advise not to do so for confidentiality purposes as the access token validation endpoint does not enforce client authentication.

Web - SIMS ID Based APIs RESOURCES

Related resources for Web - SIMS ID Based APIs