Fortinet black logo

REST API Solution Guide

Home FortiAuthenticator 6.4.5 REST API Solution Guide

OAuth server verify token (/oauth/verify_token/)

6.4.5
6.6.0
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.2
6.2.1
6.2.0
6.1.3
6.1.2
6.1.1
6.1.0
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.5.0
5.4.0
5.3.0
5.2.0
5.1.0
5.0.0
Copy Link
Copy Doc ID 786afad8-0d19-11ed-bb32-fa163e15d75b:26112
Download PDF

OAuth server verify token (/oauth/verify_token/)

URL: https://[server_name]/api/v1/oauth/verify_token/?client_id=<client_id>

This is an endpoint for verifying an access token, to determine whether or not it is valid. Returns a HTTP 200 OK response if the token is valid. Username is returned upon success. You do not need to specify a client secret as a parameter for confidential applications.

Supported fields

Field Display name Type Required Other restrictions
client_id String ID of client or application string Yes Must be present as a query parameter

Allowed methods

HTTP method Resource URI Action

Note
GET /api/v1/oauth/verify_token/ Verify specified token

The access token must be placed in the Authorization header of the request in this format: 'Authorization: Bearer [ACCESS_TOKEN]'

Response codes

In addition to the general codes defined in General API response codes, a POST request to this resource can also result in the following return codes:

Code Response content Description
200 OK Username is returned upon success

Token was successfully verified.

Includes expires_in field that gives number of seconds until expiry of the verified access token.
401 Unauthorized because token is not valid.

Example

Verify a Token:

curl -k -v -X GET \

https://[FAC_IP]/api/v1/oauth/verify_token/ \

-H 'Content-Type: application/json' \

-H 'Authorization: Bearer Ua3tkmlDtePw7EQIXb1a2oGNkw4Li'

Response:

200 OK

Previous
Next

OAuth server verify token (/oauth/verify_token/)

URL: https://[server_name]/api/v1/oauth/verify_token/?client_id=<client_id>

This is an endpoint for verifying an access token, to determine whether or not it is valid. Returns a HTTP 200 OK response if the token is valid. Username is returned upon success. You do not need to specify a client secret as a parameter for confidential applications.

Supported fields

Field Display name Type Required Other restrictions
client_id String ID of client or application string Yes Must be present as a query parameter

Allowed methods

HTTP method Resource URI Action

Note
GET /api/v1/oauth/verify_token/ Verify specified token

The access token must be placed in the Authorization header of the request in this format: 'Authorization: Bearer [ACCESS_TOKEN]'

Response codes

In addition to the general codes defined in General API response codes, a POST request to this resource can also result in the following return codes:

Code Response content Description
200 OK Username is returned upon success

Token was successfully verified.

Includes expires_in field that gives number of seconds until expiry of the verified access token.
401 Unauthorized because token is not valid.

Example

Verify a Token:

curl -k -v -X GET \

https://[FAC_IP]/api/v1/oauth/verify_token/ \

-H 'Content-Type: application/json' \

-H 'Authorization: Bearer Ua3tkmlDtePw7EQIXb1a2oGNkw4Li'

Response:

200 OK

Previous
Next