Get metadata about an OAuth token

POST /oauth/introspect

/oauth/introspect returns metadata about an access token or refresh token.

Note: This endpoint supports Content-Type: application/x-www-form-urlencoded as well as JSON. The fields for the form are equivalent to the fields for JSON and conform to the OAuth 2.0 specification.

Request Body

Required

OAuth token introspect request.

Parameters

token
required, string
An OAuth token of any type (refresh_token, access_token, etc)
client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
client_secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body as either secret or client_secret.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body as either secret or client_secret.

Response

OAuth token introspect response

Response Properties

active
required, boolean
Boolean indicator of whether or not the presented token is currently active. A true value indicates that the token has been issued, has not been revoked, and is within the time window of validity.
scope
string
A JSON string containing a space-separated list of scopes associated with this token, in the format described in https://datatracker.ietf.org/doc/html/rfc6749#section-3.3. Currently accepted values are: user:read allows reading user data. user:write allows writing user data. exchange allows exchanging a token using the urn:plaid:params:oauth:user-token grant type. mcp:dashboard allows access to the MCP dashboard server.
client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
exp
integer
Expiration time as UNIX timestamp since January 1 1970 UTC
iat
integer
Issued at time as UNIX timestamp since January 1 1970 UTC
sub
string
Subject of the token
aud
string
Audience of the token
iss
string
Issuer of the token
token_type
string
Type of the token
user_id
string
User ID of the token
request_id
required, string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.