# Verify an access token Use this API to very if a token is valid. Pass the token value in the request body. The response shows if the token is valid, along with information about the token. Only the token creator can verify IMPERSONATED tokens. If you do not have the Create Impersonated Token and relevant Manage Users permissions, the API returns obfuscated values. Endpoint: POST /uar/v1/token/verification Version: 2024.09 ## Request fields (application/json): - `accessToken` (string, required) The value of the access token that should be verified. ## Response 200 fields (application/json): - `responseObject` (object) - `responseObject.expiryStr` (string, required) Lifetime of the token as specified when the token was created. Format: y M d h m, where y=years, M=months, d=days, h=hours, m=minutes (case sensitive), and representing any number. - `responseObject.tokenDescription` (string) Mandatory for IMPERSONATED tokens; optional for NORMAL tokens. For IMPERSONATED tokens, this field should capture the impersonation reason. - `responseObject.tokenExpiryMillis` (integer) The date and time when the token expires in milliseconds since 1970-01-01 00:00 (Epoch time). - `responseObject.tokenIssueMillis` (integer) The date and time when the token was issued in milliseconds since 1970-01-01 00:00 (Epoch time). - `responseObject.tokenName` (string, required) The name of the token that was verified. - `responseObject.tokenCreator` (string) The email address of the user who created the token. For NORMAL tokens, the email address for tokenCreator is the same as that for username. For IMPERSONATED tokens, the email addresses usually differ. - `responseObject.tokenType` (string, required) The type of token that was verified. Enum: "NORMAL", "IMPERSONATED" - `responseObject.username` (string, required) The user for whom the token was created. Usually this is specified as an email address. For NORMAL tokens, the email address for tokenCreator is the same as that for username. - `statusMessage` (string) The status message related to this API request.